Authentication method and system

ABSTRACT

The present invention provides a method and apparatus for the production and labeling of objects in a manner suitable for the prevention and detection of counterfeiting. Thus, the system incorporates a variety of features that make unauthorized reproduction difficult. In addition, the present invention provides a system and method for providing a dynamically reconfigurable watermark, and the use of the watermark to encode a stochastically variable property of the carrier medium for self-authentication purposes.

CROSS REFERENCE TO RELATED APPLICATIONS

The present invention is a continuation of U.S. patent application Ser.No. 10/655,625, filed Sep. 4, 2003, now U.S. Pat. No. 8,171,567, issuedMay 1, 2012, which claims benefit of priority from U.S. ProvisionalApplication Ser. No. 60/408,511, filed Sep. 4, 2002, the entirety ofwhich are expressly incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to the field of object authentication andcounterfeit detection, and more particularly to improved hardwaredevices and methods of use thereof.

BACKGROUND OF THE INVENTION

The issues of authentication and counterfeit deterrence can be importantin many contexts. Bills of currency, stock and bond certificates, creditcards, passports, bills of lading, as well as many other legal documents(e.g., deeds, wills, etc.) all must be reliably authentic to be useful.

It is typically important, for an efficient stream of commerce, forbills and certificates to be self-authenticating; that is, for arecipient to be able to determine the authenticity of the document,without resort to extrinsic information, upon presentation. Likewise, italso remains useful for additional tools to be available for a forensicanalysis of authenticity, especially covert features which might bemissed by even a skilled counterfeiter.

In the realm of currency, anti-counterfeiting methods have become quitesophisticated—the use of two-dimensional authentication mechanisms suchas watermarks or special threads incorporated within the paper itselfare helpful. However, they remain vulnerable to reverse-engineering.Once a potential counterfeiter learns how to emulate theanti-counterfeiting technology, he may use it to his own advantage.Therefore, the simple release of anti-counterfeiting technology into theworld can be an indirect pathway to advance the state of criminaltechnology.

Several methods have been proposed for increasing the security ofpaper-based certificates. For example, randomly placed fibers aredifficult to counterfeit, so that a coding of location and fiberproperties becomes a useful scheme. See, U.S. Pat. Nos. 5,974,150,6,246,061 and 6,035,914, expressly incorporated herein by reference intheir entirety. This coding may be provided in an external database, forexample indexed through a serial number, which allows an on-lineauthentication of a bill. The coding may also be cryptographicallyprinted on the bill, which may allow self-authentication by relying onthe cryptographic security. As with all cryptographic schemes, once thescheme is “broken”, than is, a counterfeiter has available to it thetools to read the information encrypted, and/or create a new code whichappears legitimate, the cryptographic scheme no longer serves itspurpose.

Therefore, it is useful to provide various types or levels ofcryptographic authentication to preserve the value of the authenticationfeature. Advantageously, both physical and algorithmic impediments arepresented, increasing the required skill set of the counterfeiter toachieve a successful counterfeit, and also increasing the costs andrisks associated with the activity.

PRIOR ART

A wide variety of attempts have been made to limit the likelihood ofcounterfeiting. For example, some have tried to assure the authenticityof items by putting coded or uncoded markings thereon (e.g., an artist'ssignature on his or her painting). Unfortunately, as soon as the code isbroken—e.g, a counterfeiter learns to duplicate a signature, this methodbecomes worthless for authentication purposes. In the context of paperproducts (e.g., currency), counterfeiting-prevention methods have alsoused two-dimensional authentication mechanisms—e.g, watermarks orspecial threads incorporated within the paper used to make the currency.These mechanisms are clearly helpful, but they can also be overcome. Forexample, counterfeiters routinely bleach a one-dollar bill (in such away that the colored threads, which mark the special currency paper, arenot damaged) and then imprint the markings of a one hundred-dollar billthereon. Thus, the mere release of physical security materials into themarket forms one limitation on their unfettered use.

Other authentication methods have utilized mechanisms that provide threedimensions of data. For example, the holograms provided on many creditcards provide more variables (i.e., relative to two-dimensional threadsor watermarks) which may be precalibrated, and thereafter, used toverify the authenticity of an item. Nevertheless, since holograms have apre-set, or deterministic, pattern they may also be duplicated andcounterfeit products made. Further, since the holograms are invariant,they are subject to pilferage before application to goods, ortranslocation from authorized to unauthorized goods in the marketplace.Authentication mechanisms, which utilize deterministic patterns, areinherently vulnerable to counterfeiting since the counterfeiter, inessence, has a “fixed” target to shoot at. High security schemes, suchas military codes, have encryption keys that change frequently. Thismethod, however, assists prospectively in securing valuabletime-sensitive information, and does not prevent subsequent decryptionof a previously transmitted message. At the other end of the spectrum, arandom element-based authentication mechanism would provide anincessantly “moving” and nonrepeating target that would be practicallyimpossible to undetectably duplicate, without knowledge of the encodingscheme.

Finally, although existing authentication mechanisms provide adequateprotection against counterfeiting in some contexts, increasinglypowerful tools are available to decode encrypted messages, making moresecure schemes necessary for long-term protection. For example, inconjunction with its monitoring and surveillance activities, governmentsroutinely seek to break or circumvent encryption codes. The technologiesemployed are then quickly adopted by the private sector, and indeedgovernment regulations seek to maintain weak encryption standards,facilitating code-breaking. In addition to computers, currentcounterfeiters have access to extremely powerful tools for underminingphysical copy-protection schemes—e.g., color photocopying equipment,reverse engineering of semiconductor chips, etc. These factors havecombined to continually provoke strong demand for new methods andmechanisms for authenticating items, especially methods and mechanismsthat are less vulnerable to counterfeiting and/or employ newcopy-protection mechanisms.

More recently, techniques have evolved for authentication of digitalinformation, for example based on cryptological techniques. However,these techniques do not serve to verify the authenticity of a particularcopy of the information. In fact, modern digital content protectionschemes do seek to prevent digital copying of content; however, theserely on secure hardware for storage of the digital content, and a breachof hardware security measures results in copyable content with nodistinction between an original and a copy thereof.

A number of modern systems implement challenge-response authentication,which provide enhanced security for encryption keys and encryptedcontent. See, for example, U.S. Pat. No. 6,028,937 (Tatebayashi et al.),U.S. Pat. No. 6,026,167 (Aziz), U.S. Pat. No. 6,009,171 (Ciacelli etal.) (Content Scrambling System, or “CSS”), U.S. Pat. No. 5,991,399(Graunke et al.), U.S. Pat. No. 5,948,136 (Smyers) (IEEE 1394-1995), andU.S. Pat. No. 5,915,018 (Aucsmith), expressly incorporated herein byreference, and Jim Wright and Jeff Robillard (Philsar Semiconductor),“Adding Security to Portable Designs”, Portable Design, March 2000, pp.16-20.

The present invention therefore addresses instances where the issue isnot merely whether the information is authentic, but rather whether theinformation is authentic (and unaltered), and the copy itself anoriginal. Obviously, known techniques may be used to authenticate thecontent of a document, for example, by providing self-authenticatingdigital signatures, remote database authentication, trusted intermediarytechniques, and the like. Likewise, numerous techniques are availablefor providing self-authenticating features for the physical medium, forexample, security threads, inks, papers and watermarks, printingtechniques (e.g., intaglio printing, microlithography), fluorescent inksand/or fibers, stenangiographic patterns, magnetic and/orelectrical/electronic patterns, and the like.

In fact, database techniques are known for authenticating objectsassociated with documents (labels or certificates), in which thedocument is both self-authenticating and may further reference a remotedatabase with authentication information for the document or associatedobject. These techniques, however, are not intended to primarily securethe document itself, and thus the techniques fail to particularlyaddress document content security and authentication, as well as modelsfor commercial exploitation thereof.

It is known that the color of an object can be represented by threevalues, and that the color may be used for identification andauthentication. For example, the color of an object can be representedby red, green and blue values, an intensity value and color differencevalues, by a CIE value, or by what are known as “tristimulus values” ornumerous other orthogonal combinations. For most tristimulus systems,the three values are orthogonal; i.e., any combination of two elementsin the set cannot be included in the third element. One such method ofquantifying the color of an object is to illuminate an object with broadband “white” light and measure the intensity of the reflected lightafter it has been passed through narrow band filters. Typically threefilters (such as red, green and blue) are used to provide tristimuluslight values representative of the color of the surface. Yet anothermethod is to illuminate an object with three monochromatic light sourcesor narrow band light sources (such as red, green and blue) one at a timeand then measure the intensity of the reflected light with a singlelight sensor. The three measurements are then converted to a tristimulusvalue representative of the color of the surface. Such color measurementtechniques can be utilized to produce equivalent tristimulus valuesrepresentative of the color of the surface. Generally, it does notmatter if a “white” light source is used with a plurality of colorsensors (or a continuum in the case of a spectrophotometer), or if aplurality of colored light sources are utilized with a single lightsensor.

Tamper Evident Certificates

U.S. Pat. Nos. 5,913,543 and 5,370,763 (Curiel), expressly incorporatedherein by reference, relates to a tamper evident and counterfeitresisting document, for example a temporary vehicle registration whichmay be made of paper or paperboard. The document has a zone forinserting information and a pattern within said zone for resistingcounterfeiting. A transparent tape which preferably has a silicone resincoating which contains a wax is adhesively secured over informationcontained within the zone. In other embodiments, an alteration resistantarticle contains variable data and includes an outer film having anupper surface and a lower surface with an adhesive secured to the lowersurface. A hologram for receiving at least a portion of the variabledata on the upper surface is secured to the outer film lower surfaceand, in one embodiment, the hologram has portions which have releaseproperties and portions which have greater adhesive bonding propertiesthan the release containing portions. These respective portions may beestablished by providing a release material on certain portions of theupper surface of the hologram and providing adhesive enhancing materialson other portions of the hologram upper surface. The hologram may beembossed and have a metallized upper surface. A plurality of relativelysmall hologram particles may be provided in the outer layer and/or theadhesive layer. The hologram is secured to a substrate which, in oneembodiment, has an upper surface printed with pattern means which areprinted to a lesser depth than the variable data. In another embodiment,the hologram is provided as a unit with the outer film and overlies thevariable data. This system therefore provides physical techniques fordocument authentication and preventing content alteration.

U.S. Pat. No. 5,601,683 (Martin, Feb. 11, 1997), incorporated herein byreference, provides a photocopy resistant document, having a backgroundpattern or logo which is printed with solvent-sensitive, dye based ink.The presence of this photocopy-resistant background pattern or logolimits copying.

U.S. Pat. No. 5,949,042 (Dietz, II, et al., Sep. 7, 1999), expresslyincorporated herein by reference, provides a gaming ticket validationsystem and method. This patent discloses the use of a validating system,whereby to deter fraud, a validation code is provided which uniquelyidentifies an article by a combination of a validator machine and a hostcomputer. The validator machine reads the validation code and relays itto the host computer to check for legitimacy (proper form andavailability) and to correlate it to a stored record of indicia. Ifapproved, the host computer sends its record of indicia back to thevalidator machine for display on a monitor. The method is summarized as(1) printing a validation code on an article consisting of a combinationof numbers and/or symbols which validation code uniquely identifies saidarticle; (2) inserting said article into a first validator which readsthe validation code and communicates this code to a separate secondvalidator; (3) comparing the validation code with second validator to alist of legitimate and available article validation codes stored in amemory of this second validator and determining if the code is valid;(4) finding a record in the memory of the second validator which spitsout certain necessary information correlating to that code (location ofsale, date of manufacture, style, etc).

Artificial Watermarks

U.S. Pat. No. 5,928,471 (Howland, et al. Jul. 27, 1999), expresslyincorporated herein by reference, relates to improved security featuresfor paper, and in particular to a method of making paper andtransparentising selected areas of paper to provide enhanced securityfeatures. The invention thus provides a method of making papercomprising the step of depositing fibers onto a support surface to forma porous absorbent sheet, applying a transparentising resin to at leastportion of said porous sheet and subsequently impregnating the poroussheet with a sizing resin.

The following patents, expressly incorporated herein by reference,provide enhanced security features for use with finished paper and fornon-currency and non-security papers. EP-A2-0203499 discloses a methodof applying a pseudo watermark to paper. This method comprises thepreparation of a paper containing thermally sensitive material, thepresence of which renders the translucency of the paper variable bytemperature change. When heat is subsequently applied to a part of thesurface of the paper, a region of the paper becomes semi-translucent.U.S. Pat. No. 2,021,141 (Boyer, November 1935) discloses a method ofapplying pseudo watermarks to paper, by applying a resinous compositionto finished paper which permeates the paper and causes it to become moretransparent, or translucent, than the surrounding area. GB-A-1489084describes a method of producing a simulated watermark in a sheet ofpaper. The sheet is impregnated in the desired watermark pattern with atransparentising composition which, when submitted to ultra violetradiation, polymerizes to form a simulated watermark. U.S. Pat. No.5,118,526 (Allen, et al., Jun. 2, 1992) describes a method of producingsimulated watermarks by applying heat, in the desired watermark pattern,onto a thin solid matrix of waxy material placed in contact with a sheetof paper. This results in an impression of a durable translucentwatermark. U.S. Pat. No. 4,513,056 (Vernois, et al., Apr. 23, 1985)relates to a process for rendering paper either wholly or partiallytransparent by impregnation in a special bath of a transparentizationresin and subsequent heat cross-linking of the resin. EP-A1-0388090describes a method of combining a see-through or print-through featurewith a region of paper which has a substantially uniform transparencywhich is more transparent than the majority of the remainder of thesheet. JP 61-41397 discloses a method for making paper transparent and amethod for its manufacture for see-through window envelopes. The methodutilises the effect of causing ink cross-linked by ultra-violet rays topermeate paper thus causing that part of the paper to becometransparent.

Copy Resistant Printing Techniques

U.S. Pat. No. 5,946,103 (Curry, Aug. 31, 1999), expressly incorporatedherein by reference, relates to halftone patterns for trusted printing.Predetermined machine and/or human readable information is embedded inat least one serpentine pattern that is printed on each originaldocument, so that any given instance of such a document can be laterverified or refuted as being the original by determining whether thisinformation can be recovered from the document or not. The method forverifying the originality of printed documents, said comprises providingat least one trusted printer for printing original documents, embeddingpredetermined information in each of the original documents in at leastone halftone pattern that is composed of halftone cells, each of thecells containing a fill pattern which is symmetric about a central axisof the cell, with the information being represented by the angularorientations of the respective axis of symmetry of at least some of thecells; and classifying the documents as original documents only if saidpredetermined information can be recovered therefrom. Thus, thetechnique relies on information which can be readily printed but notreadily photocopied.

Self-clocking glyph codes have been developed for embedding machinereadable digital data in images of various descriptions. See, forexample, Bloomberg et al. (U.S. patent application, filed May 10, 1994under Ser. No. 08/240,798) for Self-Clocking Glyph Codes and U.S. Pat.No. 5,453,605 (Hecht et al., Sep. 26, 1995) for Global Addressabilityfor Self-Clocking Glyph Codes. To integrate these glyph codes into lineart images, the data typically are embedded in small, similarly sized,spatially formatted, elliptical or slash-like marks or “glyphs” whichare slanted to the left or right in generally orthogonal orientations toencode binary zeros (“0's”) or ones (“1's”), respectively. Customarily,these glyphs are written on a spatially periodic, two-dimensionallattice of centers at a density that enables up to about 500 bytes ofdata per square inch to be stored on a document. These glyph codes arewell suited for incorporating digital data channels into textual andother types of line art images.

U.S. Pat. No. 5,193,853 (Wicker, Mar. 16, 1993), and U.S. Pat. No.5,018,767 (Wicker, May 28, 1991), incorporated herein by reference,provide anticounterfeiting methods wherein a marked image has a minutedot or line pitch which varies from normal scanning resolution oftypical copying devices, making such mechanical copying detectable.

U.S. Pat. No. 5,315,112, (Tow, May 24, 1994) for Methods and Means forEmbedding Machine Readable Digital Data in Halftone Images, describesthe use of “circularly asymmetric” halftone dots for incorporatingself-clocking glyph codes into halftone images, and defines a workableapproach if the data is confined to the midtone regions of the image inaccordance with a known or identifiable spatial formatting rule. Highsensitivity, however, is required to recover the embedded data withacceptable reliability from the darker or lighter regions of the image.

U.S. Pat. No. 5,706,099, (Curry, Jan. 6, 1998) for Method and Apparatusfor Generating Serpentine Halftone Images, expressly incorporated hereinby reference, provides circular serpentine halftone cell structures,e.g., Truchet tiles, for embedding data in images. These serpentinehalftone cells have a high degree of rotational tone invariance. Thearcuate fill patterns may be rotated 45 degrees with respect to thehalftone cell boundaries to produce another rotationally distinguishablepair of halftone structures. These structures have been calledManhattans and also are sometimes referred to as ortho-serpentines.

As described in more detail in U.S. Pat. No. 5,696,604, (Curry, Dec. 9,1997) for Analytic Halftone Dot Construction for a Hyperacuity PrinterU.S. Pat. No. 5,410,414 (Curry, Apr. 25, 1995) for Halftoning in aHyperacuity Printer, and U.S. Pat. No. 5,710,636 (Curry, Jan. 20, 1998)for Method and Apparatus for Generating Halftone Images Having HumanReadable Patterns Formed Therein, which are hereby incorporated byreference, halftone patterns may be generated somewhat differently fromthe traditional way that halftones are generated. The goal is to moreprecisely control the way the edges of the halftone fill pattern or“shape” evolves as it grows from highlight to shadow. More particularly,in traditional digital halftoning, turning on an appropriate number ofbits in a threshold array generates the desired tone. The array holds asequence of threshold values that may spiral outward from a centrallocation as the threshold values ascend. Bits corresponding to thoselocations in the halftone cell “turn on” if the incoming data intensityis equal to or greater than the threshold value for that bit location.This method generates halftone dots that grow asymmetrically, as onethreshold after another is traversed through a range of intensity valuesfrom, say, 0 to 255. For serpentine patterns, however, it is desired togrow the halftone fill pattern at all positions on its perimetersimultaneously to maintain better control of the shape. Therefore, a twostep process typically is employed for generating the halftone fillpatterns. First, an analytical shape function is defined which growsaccording to a predetermined evolution from the smallest shape forhighlight regions, through midtones, and finally to full coverage of thehalftone cell. In this step, shape information is maintained with“infinite precision” with analytic functions. Second, as the area of theshape gets larger, the fill pattern or shape is rendered as if it were asegment of text or line art with a corresponding shape. The result ismore control over the shape and the tone evolution of the halftonebecause they are defined with analytic functions. Nevertheless, it isbelieved that would be possible to use the traditional thresholdingarray to generate serpentines given a large enough threshold array.

There are two main goals when analytically defining the shape function.The first is to define functions that can evolve through growth from thesmallest shape at intensity value of zero to the largest shape at avalue of, say, 255 in a continuous manner. Any jumps in tone caused bydiscontinuities in the functions will be readily visible in the halftoneimages. The second goal is ensure that the functions can be solved forthe position and angle of the nearest edge of the shape from any pointwithin the halftone cell, at all stages of its evolution with analyticaccuracy. This allows the shape, which is defined by a hyperbolic shapefunction, to be precisely rendered. The strategy used to create a familyof curves is to fix the focal point to a suitable value, and then selecta x, y value along a halftone cell side, for each family member.

One of the qualities that causes the tone of serpentine halftonepatterns to be substantially invariant to rotation is that there is verylittle change at the boundary between neighboring halftone cells upon90-degree rotation. This is achieved by selecting the points ofintersection for the curve pair defining the fill patterns or shape tobe equidistant from the midpoint of the halftone cell side. Twohyperbolic curves are used to define the serpentine shape, and thepoints at which those curves intersect the periphery of the halftonecell are selected so that these intersections are equally displaced inopposite directions from the midpoint of the cell side. In order to makefull use of the analytic precision with which the halftone shape isdefined, the rendering of the edges of the shape typically is carriedout by modulating the laser of a laser printer with a precision that isfiner than the size of the scan spot. For instance, in the time it takesthe spot to sweep out its own diameter, up to eight bits of digitalinformation can be provided for modulating it. Likewise, inkjet printersmay also produce modulated dot patterns.

The serpentines printed in full color, with the correct color balanceand halftone shapes are extremely difficult to reproducereprographically. The narrow, diagonally extending, unfilled areas inhalftone cells representing the darker tones are especially difficult toreproduce faithfully because ordinary copying tends to cause nearneighboring shapes to blur together, thereby degrading (if notobliterating) the shape information and clues that aid in determiningcell direction. Without these distinguishing features, the image takeson the form of a “waffle” pattern, and is easily recognized as aforgery. Although typical color copiers are excellent at reproducing thecorrect tones for high quality images, they must supply their ownhalftone algorithms to do this properly. They usually have their ownelectronic halftoners embedded in the electronics of the machine, andthese haftoners typically are optimized for machine dependent tonereproduction curves and implementationally dependent halftone dotshapes. Accordingly, it is extremely unlikely that an existing halftonethat is not a serpentine can reproduce a serpentine halftone. Anotherpossible method of reproducing serpentine images is to scan them in,process the image to determine cell orientation, then reproduce theoriginal data file required to print an “original”. This requires accessto a printer that can print serpentines, an unlikely prospect for thecasual counterfeiter.

Accordingly, serpentines are an excellent candidate for trusted printingapplications. For this application, a “trusted printer” (i.e., a printercontrolled by a trusted party, such as a service bureau) typically isemployed for printing original documents that are designed to includeone or more serpentine patterns. Predetermined machine and/or humanreadable information is embedded in at least one of the serpentinepatterns that is printed on each original document, so that any giveninstance of such a document can be later verified or refuted as beingthe original instance by attempting to recover this known informationfrom the document in question. This is not an absolute safeguard againstcounterfeiting, but it is a significant hindrance to those who mayattempt to pass off xerographic copies or other conveniently producedcopies as original documents.

The feature that gives serpentines a large dynamic range also makes themdifficult to copy. As the hyperbolas asymptotically approach thelimiting diagonal of the halftone cell, the small region of white isextremely difficult to copy without loss of contrast. The resulting“waffle” appearance of the halftone screen conveniently lacksdirectionality. This makes serpentines a candidate for imageauthentication and counterfeit deterrence.

Moiré effects have been used in prior art for the authentication ofdocuments. For example, United Kingdom Pat. No. 1,138,011 (Canadian BankNote Company) discloses a method which relates to printing on theoriginal document special elements which, when counterfeited by means ofhalftone reproduction, show a moiré pattern of high contrast. Similarmethods are also applied to the prevention of digital photocopying ordigital scanning of documents (for example, U.S. Pat. No. 5,018,767(Wicker), or U.K. Pat. Application No. 2,224,240 A (Kenrick &Jefferson)). In all these cases, the presence of moiré patternsindicates that the document in question is counterfeit. Another knownmethod provides a moiré effect used to make visible an image en coded onthe document (as described, for example, in the section “Background” ofU.S. Pat. No. 5,396,559 (McGrew, Mar. 7, 1995)), based on the physicalpresence of that image on the document as a latent image, using thetechnique known as “phase modulation”. In this technique, a uniform linegrating or a uniform random screen of dots is printed on the document,but within the pre-defined borders of the latent image on the documentthe same line grating (or respectively, the same random dot-screen) isprinted in a different phase, or possibly in a different orientation.For a layman, the latent image thus printed on the document is hard todistinguish from its background; but when a reference transparencyconsisting of an identical, but unmodulated, line grating (respectively,random dot-screen) is superposed on the document, thereby generating amoiré effect, the latent image pre-designed on the document becomesclearly visible, since within its pre-defined borders the moiré effectappears in a different phase than in the background.

U.S. Pat. No. 6,039,357 (Kendrick, Mar. 21, 2000), expresslyincorporated herein by reference, relates to security bands to preventcounterfeiting with color copies. A protected/security document isprovided that foils counterfeiting even if a laser photocopy machine isutilized. The document has at least three discrete half-tone printedbands disposed on its surface, provided by dots or lines. Each printedband has a different screen density and within each bands the dots orlines comprise a warning word or symbol (e.g. “Void”), or a background.The dots or lines of either the “Void” or background drop out whenphotocopied, while the dots or lines of the other do not. The dots orlines that do not drop out may be dimensioned so that there are about24-34 per centimeter, while for those that do drop out there are about52-64 per centimeter. The bands are typically arranged either linearlyor in concentric circles, and interband areas having density graduallytransitioning between the densities of adjacent bands are provided. Thetotal density variation between discrete bands is typically about10-35%, depending upon ink color, typically about 1.0-10% gradationbetween adjacent bands. Full tone indicia, which does readily reproduce,is also printed on the substrate.

U.S. Pat. No. 5,995,638 (Amidror, et al., Nov. 30, 1999), incorporatedherein by reference, relates to methods and apparatus for authenticationof documents by using the intensity profile of moiré patterns, occurringbetween superposed dot-screens. By using a specially designed basicscreen and master screen, where at least the basic screen is comprisedin the document, a moiré intensity profile of a chosen shape becomesvisible in their superposition, thereby allowing the authentication ofthe document. If a microlens array is used as a master screen, thedocument comprising the basic screen may be printed on an opaquereflective support, thereby enabling the visualization of the moiréintensity profile by reflection. Automatic document authentication issupported by an apparatus comprising a master screen, an imageacquisition means such as a CCD camera and a comparing processor whosetask is to compare the acquired moiré intensity profile with a prestoredreference image. Depending on the match, the document handling deviceconnected to the comparing processor accepts or rejects the document. Animportant advantage is that the process can be incorporated into thestandard document printing process, so that it offers high security atthe same cost as standard state of the art document production. Thesystem is based on the moiré phenomena which are generated between twoor more specially designed dot-screens, at least one of which beingprinted on the document itself. Each dot-screen consists of a lattice oftiny dots, and is characterized by three parameters: its repetitionfrequency, its orientation, and its dot shapes. Dot-screens with complexdot shapes may be produced by means of the method disclosed in U.S.patent application Ser. No. 08/410,767 filed Mar. 27, 1995(Ostromoukhov, Hersch).

U.S. Pat. No. 6,014,453 (Sonoda, et al., Jan. 11, 2000), expresslyincorporated herein by reference, relates to a counterfeit detectingmethod and device to generate counterfeit probability data and apparatusemploying same. Counterfeit probability data are generated indicatingthat a non-reproducible document is being processed even when thepattern which identifies such documents has been defaced. One set ofrules and membership functions is stored in each of three memory sets,for each of (1) an unaltered pattern identifying a non-reproducibledocument, (2) an altered version of that pattern, and (3) a patternidentifying an ordinary reproducible document. A fuzzy inference unituses these rules and membership functions to generate data representingthe probability that a counterfeiting attempt is occurring. Theseprobability data are transmitted to the copy machine through a controlCPU to prevent unlawful copying.

U.S. Pat. Nos. 6,045,881, 6,001,516, 5,919,730, 5,864,742, 5,856,266,5,843,564, and 5,752,152 provide a label or certificate which containsone or more microdots that are embedded in the label or certificate forproviding a non-visual, but machine detectable mark or marks. Thedetected means for detecting the presence of one or more microdots inthe label or certificate inhibits a copy machine from copying thedocument (another embodiment can include the encryption or encoding ofsignatures into a plurality of microdots for assigning documentownership). Here the original label or certificate is placed on a bed ofa scanner to provide a digitized sequence of scanner signals to adigital image processing unit that incorporates a keyboard, touch screenand/or a mouse, for operator interfacing and a monitor for viewing thescanned image. A printer is directly attached to the digital imageprocessing unit or is attached via a communication link. With eitherconfiguration the printer forms hard copy prints. An algorithm residingin the digital image processing unit, detects the presence of themicrodot pattern in the original document and automatically deactivatesthe printer to abort the document copying process thereby restrictingthe unauthorized copying of the original document. In other words, themicrodots are undetectable by the unaided eye, but detectable by copyingmachines associated with software that programs the machine to preventcopying, when microdots are detected.

Chemical Testing

U.S. Pat. No. 6,030,655 (Hansmire, et al., Feb. 29, 2000), expresslyincorporated herein by reference, relates to positive identification andprotection of documents using inkless fingerprint methodology. A systemis provided for coating a portion of the document with a chemicalcompound, for determining an image thereupon, including the steps offirst providing a document; next, applying a clear chemical coating ontoat least a portion of the document; applying an non-visible image ontothe chemical coated portion of the document; providing an activatorsolution; applying the activated solution to the chemically coatedportion of the document to reveal the image thereupon; identifying thestamped image for assuring that the stamped image is not a counterfeitor the like.

U.S. Pat. No. 5,289,547 (Ligas, et al., Feb. 22, 1994), incorporatedherein by reference, discloses a method for authenticating articlesincluding incorporating into a carrier composition a mixture of at leasttwo photochromic compounds that have different absorption maxima in theactivated state and other different properties to form theauthenticating display data on the article, subjecting the display datato various steps of the authenticating method, activation of allphotochromic compounds, preferential bleaching of less than all of thephotochromic compounds, and/or bleaching of all the photochromiccompounds, and subsequent examination of the display data following thevarious activation and bleaching steps by verifying means to enableauthentication.

U.S. Pat. No. 4,507,349 (Fromson, et al. Mar. 26, 1985), incorporatedherein by reference, provides a currency security system employingsynthetic layers and sublimatable dye-formed images on the layers.

Physical Characteristics

U.S. Pat. No. 4,767,205 (Schwartz, et al., Aug. 30, 1988), incorporatedherein by reference, discloses an identification method andidentification kit based upon making up groups of microsized particlesnormally visible to the naked eye with each particle in each group beingof a selected uniform size, shape and color. Coded identification isestablished by transferring a population of particles from a selectednumber of the groups to the item to be identified and then confirmingsuch identification by examining the marked item under highmagnification with a light microscope.

Physical Security Schemes—Films and Embedded Filaments

U.S. Pat. No. 4,157,784 (Grottrup, et al., Jun. 12, 1979), incorporatedherein by reference, discloses a document security system that opticallyreveals erasures or modifications of printed matter.

U.S. Pat. No. 3,391,479 (Buzzell et al., July, 1968), incorporatedherein by reference, discloses a card security system that provides adichroic film covering information on the card.

U.S. Pat. No. 3,880,706 (Williams, April, 1975), incorporated herein byreference, discloses a document security system provided by a fusedpolymer net within a paper pulp substrate.

U.S. Pat. No. 4,247,318 (Lee, et al., Jan. 27, 1981), incorporatedherein by reference, provides a security paper formed from non-wovenpolyethylene film-fibril sheets.

U.S. Pat. No. 4,186,943 (Lee, Feb. 5, 1980), incorporated herein byreference, discloses a banknote or document security system thatprovides an optically distinctive thin film structure in the body of thebanknote or document.

U.S. Pat. No. 4,445,039 (Yew, Apr. 24, 1984), incorporated herein byreference, discloses an encoded document security system having asecurity element with a readable physical characteristic.

U.S. Pat. No. 4,652,015 (Crane, Mar. 24, 1987), incorporated herein byreference, discloses security paper for banknotes and currency having ametallized film having fine imprinting thereon.

U.S. Pat. No. 4,552,617 (Crane, Nov. 12, 1985), incorporated herein byreference, discloses a document security system provides dissolvablestrips of microcarrier material having encoding thereon which persistsafter the carrier dissolves. U.S. Pat. No. 4,437,935 (Crane, Jr., Mar.20, 1984), incorporated herein by reference, discloses a documentsecurity system provides a dissolvable carrier web material havingencoding thereon which attaches to the paper fibers and persists afterthe web dissolves.

U.S. Pat. No. 5,393,099 (D'Amato, Feb. 28, 1995), incorporated herein byreference, provides an anti-counterfeiting method for currency and thelike having embedded micro image security features, such as hologramsand diffraction gratings.

Physical Security Schemes—Electromagnetic

U.S. Pat. No. 5,602,381 (Hoshino, et al., Feb. 11, 1997), and U.S. Pat.No. 5,601,931 (Hoshino, et al., Feb. 11, 1997), incorporated herein byreference, relate to system and method for authenticating labels basedon a random distribution of magnetic particles within the label and anencrypted code representing the distribution printed on the label, andpossibly data imprinted on the label.

U.S. Pat. No. 3,701,165 (Huddlester, October, 1972), incorporated hereinby reference, discloses a method of marking garments with a substancedetectable by magnetic detecting devices. When the magnetized substanceon the garment part is detected in a process of making garments,subsequent garment making steps are actuated in response to thedetection of the stitching.

U.S. Pat. No. 4,820,912 (Samyn, Apr. 11, 1989), incorporated herein byreference, provides a method and apparatus utilizing microwaves forauthenticating documents, having a random distribution of stainlesssteel fibers embedded and scattered in a card base member. Microwavesare applied to a large number of metallic wires which are embedded andscattered at random in a document or a card, and a proper digital markresponsive to a response microwave signature is recorded in a suitableregion of the document or card according to specific rules. To check theauthenticity of the document or card, microwaves are applied to thedocument or card, and a response microwave signature is collated withthe digital mark. The document or card is determined as being authenticwhen the microwave signature and the mark correspond.

Optical Characteristics and Detection

U.S. Pat. No. 5,325,167 (Melen, Jun. 28, 1994) relates to a recorddocument authentication by microscopic grain structure and method. Arecord document may be authenticated against reference grain dataobtained from the document at a prior time. The body of the document isformed by base medium bearing the record entries such as text withinrecord site. The grain seal site is located at a predetermined locationwithin the base medium. The unique grain structure within the seal siteare microscopic and function as a seal for authenticating the document.The seal site is initially scanned to provide a stream of reference datagenerated by the surface reflection of the grain structure. Thisreference grain data is stored in memory for future authentication use.The seal site is then currently scanned to generate a stream of currentgrain data for comparison to the reference grain data.

U.S. Pat. No. 3,942,154 (Akami, et al., Mar. 2, 1976), incorporatedherein by reference, discloses a method and apparatus for recognizingcolored patterns. The method includes encoding the colors of individualpicture elements in a fabric pattern by comparing the level oftransmittance or reflectance of the picture element at pre-selectedwavelengths with stored values representing a reference color togenerate a multibit code indicative of the color of the picture element.A comparator used for this purpose incorporates an error eitherproportional to the wavelength or of constant value so that the outputof the comparator will indicate identity with the stored value if theinput value for the picture element is within a certain range of thestored value.

U.S. Pat. No. 4,514,085 (Kaye, Apr. 30, 1985), incorporated herein byreference, provides a method for authenticating documents by marking thedocument with an encapsulated liquid crystal, and then observing thedocument under conditions which exploit the unique opticalcharacteristics of liquid crystals.

U.S. Pat. No. 5,591,527 (Lu, Jan. 7, 1997), incorporated herein byreference, provides optical security articles and methods for makingsame, having layers of varying refractive index forming an image, whichis viewable only across a narrow range of viewing angles and is viewablein ambient (diffuse) light, thus affording a readily apparentverification of the authenticity of the substrate.

U.S. Pat. No. 5,580,950 (Harris, et al., Dec. 3, 1996), incorporatedherein by reference, provides negative birefringent rigid rod polymerfilms, formed of a class of soluble polymers having a rigid rodbackbone, which when used to cast films, undergo a self-orientationprocess aligning the polymer backbone parallel to the film surface,resulting in a film that displays negative birefringence.

U.S. Pat. No. 5,549,953 (Li, Aug. 27, 1996), incorporated herein byreference, provides optical recording media having optically variablesecurity properties. Thin film structures, which have an inherent colorshift with viewing angle, provide both optically variable securityproperties and optical data decodable by optical means. The multilayerinterference coating has a dielectric material, which is transparent,and a recording layer made of a light absorbing material, acrystalline-structural changing material, or a magneto-optic material.Data is encoded optically or photolithographically as bar codes ordigital data.

The use of optically variable pigments has been described in the art fora variety of applications, such as inks for counterfeit-proofapplications such as currency, and generically for coating compositions.They are described, for example, in U.S. Pat. No. 4,434,010 (Ash, Feb.28, 1984), U.S. Pat. No. 4,704,356 (Ash, Feb. 28, 1984), U.S. Pat. No.4,779,898 (Berning, et al., Oct. 25, 1988), U.S. Pat. No. 4,838,648(Phillips, et al., Jun. 13, 1989), U.S. Pat. No. 4,930,866 (Berning, etal., Jun. 5, 1990), U.S. Pat. No. 5,059,245 (Phillips, et al., Oct. 22,1991), U.S. Pat. No. 5,135,812 (Phillips, et al., Aug. 4, 1992), U.S.Pat. No. 5,171,363 (Phillips, et al., Dec. 15, 1992), and U.S. Pat. No.5,214,530 (Coombs, et al., May 25, 1993), incorporated herein byreference. Pigments of these types are prepared by depositing inorganictransparent dielectric layers, semi-transparent metal layers, and metalreflecting layers onto a flexible web, and separating the layers fromthe web in such a manner as to fragment the deposited thin film layerstructure into pigment particles. These particles are in the form ofirregularly shaped flat pigment flakes. These pigments are capable ofproducing dramatic visual effects, including dichroic effects notobserved in other types of pigments. A multilayer thin film interferencestructure is formed having at least one metal reflecting layer, at leastone transparent dielectric layer, and at least one semi-transparentmetal layer. Various combinations of these layers can be utilized toachieve the desired optically variable effect. Layer thickness can bevaried according to the particular desired characteristics of thepigment. For example, U.S. Pat. No. 5,135,812, incorporated herein byreference, describes useful thickness being on the order of 80 nm forthe metal reflecting layer, 5 nm for the semi-opaque metal layers, andthickness of a plurality of halfwaves of the particular designwavelength for the transparent dielectric layers.

U.S. Pat. No. 6,038,016 (Jung, et al., Mar. 14, 2000) and U.S. Pat. No.5,966,205 (Jung, et al., Oct. 12, 1999), expressly incorporated hereinby reference, relate to a method and apparatus for optically detectingand preventing counterfeiting. Perimeter receiver fiber optics arespaced apart from a source fiber optic and receive light from thesurface of the object being measured. Light from the perimeter fiberoptics pass to a variety of filters. The system utilizes the perimeterreceiver fiber optics to determine information regarding the height andangle of the probe with respect to the object being measured. Underprocessor control, the optical characteristics measurement may be madeat a predetermined height and angle. Translucency, fluorescence, glossand/or surface texture data also may be obtained. Measured data also maybe stored and/or organized as part of a data base. Such methods andimplements are desirably utilized for purposes of detecting andpreventing counterfeiting or the like.

Fluorescent Fibers and Patterns

U.S. Pat. No. 1,938,543 (Sanburn, December, 1933) teaches thatdetectable fibers which have been specially treated with a chemicallysensitive substance can be incorporated into paper and, upon contactingsuch paper with a second chemical agent, the detectable fibers changecolor and become distinguishable. As illustrated in U.S. Pat. No.2,208,653 (Whitehead, July, 1940), authenticatable paper can also bemade by including fibers of an organic ester of cellulose that have beentreated with a tertiary amine. The treated fibers are invisible in thepaper and become fluorescent under ultraviolet light. U.S. Pat. No.2,379,443 (Kantrowitz et al., July, 1945) discloses authenticatablepaper made by the addition of a small percentage of cellulosic fibersthat have been treated with hydrated ferric chloride which has beenhydrolyzed to iron hydroxide. The treated fibers are capable ofacquiring a deep blue color upon application to the paper of a potassiumferrocyanide solution, followed by an orthophosphoric acid solution.

U.S. Pat. No. 3,839,637 (Willis, Oct. 1, 1974), incorporated herein byreference, discloses the impregnation of spaced courses of yarn in afabric with a material which is not visible under daylight, but which isvisible only when subjected to ultra-violet light, so as to provideguide lines for cutting, or measuring indicia to enable visual countingof the number of yards of cloth in a roll from the end thereof withoutthe necessity of unrolling the bolt.

U.S. Pat. No. 4,623,579 (Quon, Nov. 18, 1986), incorporated herein byreference, discloses a decorative composite article, which may belongitudinally slit to form a yarn product, which has a combinedphosphorescent and fluorescent decorative appearance. The compositearticle includes paired outer layers of a thermoplastic resin betweenwhich is disposed a decorative layer comprising a composition includinga colorant component having a phosphorescent colorant and a fluorescentcolorant, and a resin binder material. The fluorescent colorant ispresent in an amount by weight that is up to an amount equal to that ofthe phosphorescent colorant. The present binder material may be selectedfrom polyester, polyurethane and acrylic polymers and copolymers, with amixture of butadiene-acrylonitrile rubber and polyurethane compositionbeing preferred. The composite article is prepared by coating two resinfilms with the composition, followed by contacting the films with eachother on their coated surfaces and applying heat and pressure to bondthem together to form the decorative composite article.

U.S. Pat. No. 4,756,557 (Kaule, et al., Jul. 12, 1988), expresslyincorporated herein by reference, relates to a security document havinga security thread embedded therein and methods for producing and testingthe authenticity of the security document. In order to increase theprotection of security documents such as ban notes, etc., againstforgery, security threads are embedded in the document that have atleast two areas extending in the longitudinal direction of the threadand differing in their physical properties. The thread is preferably acoextruded multicomponent synthetic thread whose individual componentscontain additives such as dyes or fluorescent substances and/orparticles having electrical or magnetic properties. The testing of theauthenticity of the security thread is directed toward the presence ofthese additives and their mutual geometrical distribution in certainareas of the security thread.

U.S. Pat. No. 6,019,872 (Kurrle, Feb. 1, 2000), expressly incorporatedby reference, relates to authenticatable bleached chemical paperproducts, prepared from a bleached chemical papermaking furnishcontaining a minor but detectable amount of lignin containing fibersselected from the group consisting of mechanical, thermomechanical,chemi-thermomechanical and bleached-chemi-thermomechanical, in an amountsufficient to be detectable with the use of a phloroglucinol stainingtechnique.

U.S. Pat. No. 6,054,021 (Kurrle, et al., Apr. 25, 2000), expresslyincorporated herein by reference, relates to a process of manufacturingauthenticatable paper products, in which the paper made from thepapermaking furnish includes fluorescent cellulosic fibers.

U.S. Pat. No. 6,045,656 (Foster, et al., Apr. 4, 2000) relates to aprocess for making and detecting anti-counterfeit paper. In thisprocess, a certain percentage of wood fiber lumens which have beenloaded with one or more fluorescent agents are added to the papermakingpulp. These wood fiber lumens would look normal under regular light, butwill glow when exposed to various manners of radiation.

U.S. Pat. No. 6,035,914 (Ramsey, et al., Mar. 14, 2000), expresslyincorporated herein by reference, for counterfeit-resistant materialsand a method and apparatus for authenticating materials, relates to theuse of fluorescent dichroic fibers randomly incorporated within a mediato provide an improved method for authentication and counterfeitingprotection. The dichroism is provided by an alignment of fluorescentmolecules along the length of the fibers. The fluorescent fibers providean authentication mechanism of varying levels of capability. Theauthentication signature depends on four parameters; the x, y position,the dichroism and the local environment. The availability of so manynon-deterministic variables makes counterfeiting difficult. Essentially,fibers having a readily detectable, non-RGB colorspace characteristic,e.g., fluorescent dichroism, are embedded randomly within a fibroussubstrate. Fibers near the surface are readily identified due to theirfluorescence. The fibers are then analyzed for dichroism, i.e., having apolarization axis. The positions of these dichroic fibers are useful forauthenticating the substrate.

The fibers are distributed throughout the media in a random fashionduring the production process. Thus the fiber related signature is arandom variable rather than a deterministic one. In fact, it is notbelieved that any methods presently exist for copying fiber placementwithin a substrate. The signature of every item will be different makingit more difficult to reverse engineer. For example, two-dimensionalimages (e.g. in the x-y plane) of papers incorporating the inventivefluorescent dichroic fibers provide increased security over the priorart “blue” threads used in currency. A comparison of a white light imageand a fluorescence image showing the two-dimensional distribution offlorescent dichroic fibers provides unique information. Fibers lying ator near the surface of the paper are easily observed by the white lightimage but are quickly masked below the surface. In a fluorescence image,fibers that lie below the surface are also readily observable. Acomparison of the two images provides a signature. Furthermore,processing of the paper (calendaring) further alters this imagecomparison. The pressing process reduces the fluorescence from thesurface fibers while not perturbing the subsurface fibers thus depthinformation is available by comparing the two images.

The fluorescent fibers' emission characteristics will also varydepending upon the angular orientation of the fibers within the mediarelative to a polarized excitation source. For example, at a givenwavelength, the intensity of electro-magnetic energy emitted by thefibers may vary considerably depending upon whether the fibers withinthe media are vertically or horizontally oriented relative to thedirection of a linearly polarized excitation source and a parallelpolarization analyzer. Hence, the dichroic nature of the fibers providesa fourth variable for each point along the fiber (i.e., x, y, z anddichroism/emission behavior).

The emission spectrum of each fluorescent dichroic fiber, can providedata on the fiber's local environment. For example, consider the use ofthe present invention in paper media or in an aerosol application. Thelocal environment of the fluorescent, dichroic fibers cause photonscattering (e.g., the orientation and number density of the paperfibers) and absorption (e.g., varying thickness of the dried carriervehicle in an aerosol application). This local environment is indirectlyobserved through the measurement of the fluorescent dichroic fiber'sapparent fluorescent anisotropy. This apparent fluorescent anisotropyassumes random values because the process of incorporating the fibersinto the media is a random process.

It is not necessary to analyze each variable for authentication; varyinglevels of security may be obtained by selecting one or more feature foranalysis. For example, at the first level (i.e., the lowestauthentication/lowest cost), an item having fluorescent dichroic fibersincorporated therewith may merely be checked to see that the fluorescentfibers are present in the item. The particular fluorescent agent usedmay be kept secret and dyes which fluoresce in non-visible regions ofthe electromagnetic spectrum may be employed, so copying this featuremay be difficult. At the second level of authentication accuracy, anitem having fluorescent, dichroic fibers may be checked to see that theflorescent fibers present in the media have the correct fluorescenceanisotropy. This level of authentication exceeds that of the first levelbecause the fluorescence anisotropy is dependent upon the molecularstructure of the fluorescent molecule and the specific processingconditions used to prepare the fibers containing the fluorescentmolecules. The third level of authentication accuracy involvesgenerating a prerecorded x-y pattern of the fluorescent fibers in theitem (e.g., by logging the particular random pattern of fibers presentin a particular credit card when the card is manufactured). When theitem is presented for authentication the observed pattern is comparedwith the prerecorded pattern. Since each item would have a uniquepattern, detection of a counterfeit would simply involve detection of aduplicate or unmatchable pattern. At the highest level of authenticationaccuracy, the x-y-apparent fluorescent anisotropy pattern of thefluorescent dichroic fibers in the item would be prerecorded. As in theabove case, when the item is presented for authentication the observedpattern is compared with the prerecorded pattern. Since the values forthe variables in the x-y-apparent fluorescent anisotropy pattern arerandom, this level of authentication yields an item that is virtuallyimpossible to duplicate. Calculations, using the number density of“blue” and “red” fibers incorporated into currency paper as a base case,indicate that the probability of a random repeat of the x-y-apparentfluorescent anisotropy pattern is about 1 part in 10¹⁰⁰⁰, an extremelyunlikely event.

Cryptographic Techniques

The original forms of cryptography involved the use of a single secretkey that was used to both encrypt and decrypt the message (known assymmetric cryptography). One challenge to this technique is thelogistics of communicating the secret key to the intended recipientwithout other parties gaining knowledge of the key. In 1976, WhitfieldDiffie and Martin Hellman introduced the concept of Public Keycryptography (asymmetric cryptography). In their system, each person isthe owner of a mathematically related pair of keys: a Public Key,intended to be available to anyone who wants it; and a Private Key,which is kept secret and only known by the owner. Because messages areencrypted with a Public Key and can only be decrypted by the relatedPrivate Key, the need for the sender and receiver to communicate secretinformation (as is the case in symmetric cryptography) is eliminated.

Public Key encryption is based on two mathematically related keys thatare generated together. Each key in the pair performs the inversefunction of the other so what one key encrypts, the other key decrypts,and vice versa. Because each key only encrypts or decrypts in a singledirection, Public Key encryption is also known as asymmetric encryption.Encryption and authentication take place without any sharing of PrivateKeys: each person uses only another's Public Key or their own PrivateKey. Anyone can send an encrypted message or verify a signed message,but only someone in possession of the correct Private Key can decrypt orsign a message.

The two primary uses of Public Key cryptography, encryption and digitalsignatures. Encryption messages are encrypted by using the Public Key ofthe intended recipient. Therefore, in order to encrypt a message, thesender must either have or obtain the Public Key from the intendedrecipient. The recipient of the message decrypts the message by usingtheir Private Key. Because only the recipient has access to the PrivateKey (through password protection or physical security), only therecipient can read the message. In order to create a digital signature,the sender's computer performs a calculation that involves both thesender's Private Key and the message. The result of the calculation is adigital signature, which is then included as an attachment to theoriginal message. The recipient of the message performs a similarcalculation that includes the message, the digital signature of thesender, and the sender's Public Key. Based on the result of therecipient's calculation, known as a hash, it can be determined whetherthe signature is authentic (or is fraudulent) and whether the messagehad been intercepted and/or altered at any point between the sender andthe recipient.

In most crypto systems, with some exceptions, such as elliptic keyencryption, the larger the key size, the stronger the encryption. Whilesome people could argue that you can never have too strong a level ofencryption, in the world of cryptography the word ‘overkill’ cancertainly be applicable. With stronger encryption comes greater systemcomplexity and longer processing durations to both encrypt and decrypt.

Presently, there are four different ‘grades,’ that refer to the strengthof the protection: Export grade gives minimal real protection (40-bitfor symmetric encryption or 512 for asymmetric). Personal grade (56- or64-bits symmetric, 768 asymmetric) is recommended for keys that are notvery important, such as those that protect one person's personal e-mailor those that serve as ‘session keys’ for low-importance transactions.Commercial grade (128-bit symmetric or 1024 asymmetric) is recommendedfor information that is valuable and fairly sensitive, such as financialtransactions. Military grade (160-bit symmetric or 2048-bit asymmetric)is recommended for information that is truly sensitive and must be keptsecret at any cost.

U.S. Pat. No. 5,984,366 (Priddy, Nov. 16, 1999), expressly incorporatedherein by reference, relates to unalterable self-verifying articles.Self-verifying article creation includes receiving recipient-specificdata, encoding a first selected subset of the recipient-specific dataand fixing the encoded subset along with other human-recognizable dataon a surface of an article. Self-verifying article authenticationincludes scanning a surface to locate an encoded first data set,decoding the first data set and comparing the decoded first data setwith a control data set, which may also be fixed upon the surface, todetermine the authenticity of the received self-verifying article.According to one disclosed embodiment, enhanced data security can beobtained and maintained by verifying a machine-readable data set on anobject for acceptability against predetermined criteria which mayinclude searching a data base (e.g., an organized, comprehensivecollection of data stored for use by processing system(s)) of previouslyissued articles to determine uniqueness. The transmission may be bywired or non-wired communication. In order to verify authenticity, anencoded data set (divided in two) on an article to be authenticated isread and processed, locally or remotely, to first check consistencybetween the divided parts, and to provide biometric authenticationinformation about a presenter or bearer of the object.

U.S. Pat. No. 5,932,119 (Kaplan, et al. Aug. 3, 1999), and WO 97/25177,Shachrai et al., expressly incorporated herein by reference, relate to alaser marking system, with associated techniques for authenticating amarked workpiece. Images of marked objects are stored, and may beauthenticated through a database, and/or through a secure certificate ofauthenticity, including an image of the marked object. According toKaplan et al., difficult to reproduce characteristics of an object areused as an integrity check for an encoded message associated with theobject. These characteristics may be measured or recorded, and stored,for example within a marking on the object, or in a database.Advantageously, these measurements and characteristics may be derivedfrom an image of the object captured in conjunction with the markingprocess. In fact, by storing such images and providing a pointer to theimage, e.g., a serial number, the measurements or characteristics to becompared need not be determined in advance. Therefore, according to sucha scheme, the object to be authenticated need only include a pointer toa record of a database containing the data relating to the object to beauthenticated. This allows information relating to characteristics ofthe object, which may be difficult to repeatably determine or somewhatsubjective, to be preserved in conjunction with the object. An image ofthe object on a certificate of authenticity may be used to verify thatthe object is authentic, while providing a tangible record of theidentification of the object. Known secure documents and methods formaking secure documents and/or markings are disclosed in U.S. Pat. No.5,393,099 (D'Amato, Feb. 28, 1995); U.S. Pat. No. 5,380,047 (Molee, etal., Jan. 10, 1995); U.S. Pat. No. 5,370,763 (Curiel, Dec. 6, 1994);U.S. Pat. No. 5,243,641 (U.S. Pat. No. 4,247,318 (Lee, et al., Jan. 27,1981); U.S. Pat. No. 4,199,615 (Wacks, et al., Apr. 22, 1980); U.S. Pat.No. 4,059,471 (Haigh, Nov. 22, 1977); U.S. Pat. No. 4,178,404 (Allen, etal., Dec. 11, 1979); and U.S. Pat. No. 4,121,003 (Williams, Oct. 17,1978), expressly incorporated herein by reference. U.S. Pat. No.5,464,690 (Boswell, Nov. 7, 1995) and U.S. Pat. No. 4,913,858 (Miekka,et al., Apr. 3, 1990), expressly incorporated herein by reference,relate to certificate having holographic security devices.

It is known to provide a number of different types messages forcryptographic authentication. A so-called public key/private keyencryption protocol, such as available from RSA, Redwood Calif., may beused to label the workpiece with a “digital signature”. See, “A Methodfor Obtaining Digital Signatures and Public Key Cryptosystems” by R. L.Rivest, A. Shamir and L. Adelmann, Communications of ACM 21(2):120-126(February 1978), expressly incorporated herein by reference. In thiscase, an encoding party codes the data using an appropriate algorithm,with a so-called private key. To decode the message, one must be inpossession of a second code, called a public key because it may bedistributed to the public and is associated with the encoding party.Upon use of this public key, the encrypted message is deciphered, andthe identity of the encoding party verified. In this scheme, theencoding party need not be informed of the verification procedure. Knownvariations on this scheme allow private communications between partiesor escrowed keys to ensure security of the data except under exceptionalauthentication procedures. See also, W. Diffie and M. E. Hellman, “Newdirections in cryptography”, IEEE Trans. Information Theory, Vol. IT-22,pp. 644-654, November 1976; R. C. Merkle and M. E. Hellman, “Hidinginformation and signatures in trapdoor knapsacks”, IEEE Trans.Information Theory, Vol. IT-24, pp. 525-530, September 1978; Fiat andShamir, “How to prove yourself: practical solutions to identificationand signature problems”, Proc. Crypto 86, pp. 186-194 (August 1986);“DSS: specifications of a digital signature algorithm”, NationalInstitute of Standards and Technology, Draft, August 1991; and H. Felland W. Diffie, “Analysis of a public key approach based on polynomialsubstitution”, Proc. Crypto. (1985), pp. 340-349, expressly incorporatedherein by reference. Another encoding scheme uses a DES-type encryptionsystem, which does not allow decoding of the message by the public, butonly by authorized persons in possession of the codes. This thereforerequires involvement of the encoding party, who decodes the message andassists in authentication.

U.S. Pat. No. 6,028,936 (Hillis, Feb. 22, 2000), U.S. Pat. No. 6,021,202(Anderson, et al., Feb. 1, 2000), U.S. Pat. No. 6,009,174 (Tatebayashi,et al. Dec. 28, 1999), U.S. Pat. No. 5,375,170 (Shamir, Dec. 20, 1994),U.S. Pat. No. 5,263,085 (Shamir, Nov. 16, 1993), and U.S. Pat. No.4,405,829 (Rivest, et al., Sep. 20, 1983), incorporated herein byreference, provide encryption and digital signature or document contentdistribution schemes. U.S. Pat. No. 5,600,725 (Rueppel, et al., Feb. 4,1997), and U.S. Pat. No. 5,604,804 (Micali, Feb. 18, 1997), incorporatedherein by reference, provide public key-private key encryption systems.U.S. Pat. No. 5,166,978 (Quisquater, Nov. 24, 1992), incorporated hereinby reference, provides a microcontroller for implementing so-called RSAschemes. U.S. Pat. No. 6,002,772 (Saito, Dec. 14, 1999), expresslyincorporated herein by reference, provides An embedded digital watermarkscheme.

The document content, or a digital signature thereof, may be storedremotely, and retrieved based on a unique identification of thedocument. The required communications may, for example, occur throughuse of the Internet. See, U.S. Pat. No. 6,052,780 (Glover, Apr. 18,2000), U.S. Pat. No. 6,011,905 (Huttenlocher, et al. Jan. 4, 2000) andU.S. Pat. No. 5,933,829 (Durst, et al., Aug. 3, 1999), expresslyincorporated herein by reference.

U.S. Pat. No. 6,065,119 (Sandford, II, et al., May 16, 2000), expresslyincorporated herein by reference, provides a method of authenticatingdigital data such as measurements made for medical, environmentalpurposes, or forensic purpose, and destined for archival storage ortransmission through communications channels in which corruption ormodification in part is possible. Authenticated digital data containdata-metric quantities that can be constructed from the digital data byauthorized persons having a digital key. To verify retrieved or receiveddigital data, the data-metrics constructed from the retrieved orreceived data are compared with similar data-metrics calculated for theretrieved or received digital data. The comparison determines thelocation and measures the amount of modification or corruption in theretrieved or received digital data.

Methods that hide validation information within the data beingauthenticated offer an alternative means to validate digital data.Digital watermarks can be added to data by methods falling generallyinto the field of steganography. Steganographic methods are reviewed byW. Bender, D. Gruhl, and N. Morimoto in “Techniques for Data Hiding,”Proc. SPIE, Storage and Retrieval for Image and Video Databases III,9-10 February, 1995, San Jose, Calif. This reference also isincorporated herein by reference.

One method of impressing a digital watermark is given by G. Caronni, in“Assuring Ownership Rights for Digital Images,” Proc. Reliable ITSystems, VIS '95, 1995, edited by H. H. Bruggemann and W. Gerhardt-Hackl(Vieweg Publ. Co.: Germany). Another method is given by I. J. Cox, J.Kilian, T. Leighton, and T. Shamoon in “Secure Spread SpectrumWatermarking for Multimedia,” NEC Research Inst. Tech. Report 95-10,1995. These references also are incorporated herein by reference.

Unlike the checksum or digital signature that calculate a measure of theoriginal data, digital watermarking techniques modify the data in orderto encode a known signature that can be recovered. The presence of thehidden signature in received data verifies that the data are unchanged,or its absence reveals that the data were modified from the watermarkedform. The method of Cox et al (1995) supra is designed specifically fordigital images, and it is sufficiently robust to survive eventransformations of the digital data to analog form. However, all theabove methods proposed for digital watermarking generally detectmodifications by means of an external signature, i.e., no metric thatmeasures the fidelity of the original digital data is used.Consequently, there exists no ability to measure in any detail theextent of the changes made or to estimate the precision of the receiveddata. The steganographic watermarking methods differ from the digitalsignature and checksum methods primarily by being invisible, and byusing the digital data to convey the watermark, thus eliminating theneed for an appended value.

U.S. Pat. No. 5,592,549 (Nagel, et al., Jan. 7, 1997), expresslyincorporated herein by reference, relates to a method and apparatus forretrieving selected information from a secure information source. Adevice is disclosed for retrieving information from a secure electronicinformation source, wherein at least some of the information is inencrypted form and may be decrypted for use. The device comprises: (a) acomputer, having an input device and a display device, for selectinginformation to be retrieved from the information source; (b) aninformation retrieval device, coupled to the computer, for retrievingthe selected information from the information source; (c) a decryptiondevice, coupled to the computer, for decrypting at least portions of theselected information retrieved from the information source; and (d) adata logging device, coupled to the computer, for maintaining a data logof the selected information as it is retrieved from said informationsource and decrypted. According to the invention, a unique brand code isautomatically, electronically added to at least some of the selected anddecrypted information, and to the data log.

U.S. patent application Ser. No. 5,394,469 of Robert Nagel and Thomas H.Lipscomb discloses a personal computer or “host computer” a CD-ROMreader and a “decryption controller”. The decryption controller isaddressable by the host computer as if it were the CD-ROM reader. Uponreceipt of an information request, the decryption controller initiates arequest to the CD-ROM reader for the desired information, retrieves thisinformation, decrypts it (if it is encrypted) and then passes it to thehost computer. The decryption controller is thus “transparent” to thehost computer.

U.S. Pat. No. 6,044,463 (Kanda, et al., Mar. 28, 2000) expresslyincorporated herein by reference, relates to a method and system formessage delivery utilizing zero knowledge interactive proof protocol.The message delivery system guarantees the authenticity of a user, thereliability of a message delivery, and the authenticity of the messagedelivery, while preventing an illegal act, and which can prove them at alater time. The system has an information provider terminal including auser authentication unit for carrying out a user authentication of theuser according to a zero knowledge interactive proof protocol usingcheck bits E generated according to a work key W, and a transmissionunit for transmitting to the user a cipher-text C in which a message Mto be delivered to the user is enciphered according to a secret keycryptosystem by using the work key W, and the check bits E. The systemalso has a user terminal including a message reception unit for takingout the work key W by using at least the check bits E, and obtaining themessage M by deciphering the ciphertext C according to the secret keycryptosystem by using the work key W.

U.S. Pat. No. 5,926,551 (Dwork, et al., Jul. 20, 1999) expresslyincorporated herein by reference, elates to a system and method forcertifying content of hard-copy documents. The system and methodfacilitate proof that a specific item, such as a document, has been sentvia a communication medium, such as the mail service of the UnitedStates Postal Service, at a specific time. A bit map image is produced,such as by scanning a hard copy document. Preferably the bit map iscompressed into a data string and hashed. The hash file is signed by acertifying authority, such as the USPS, using an existentiallyunforgeable signature scheme. The original document, a coderepresentation of the string, and a code representation of the signatureare sent via the communication medium. As a result, the combination ofmaterials sent provides proof of the authenticity of the content of thedocument.

U.S. Pat. No. 5,745,574 (Muftic, Apr. 28, 1998), expressly incorporatedherein by reference, relates to a security infrastructure for electronictransactions. A plurality of certification authorities connected by anopen network are interrelated through an authentication andcertification system for providing and managing public key certificates.The certification system with its multiple certification and itspolicies constitute a public key infrastructure facilitating secure andauthentic transactions over an unsecure network. Security services forapplications and users in the network are facilitated by a set of commoncertification functions accessible by well-defined applicationprogramming interface which allows applications to be developedindependently of the type of underlying hardware platforms used,communication networks and protocols and security technologies.

A digital signature standard (DSS) has been developed that supplies ashorter digital signature than the RSA standard, and that includes thedigital signature algorithm (DSA) of U.S. Pat. No. 5,231,668 (Kravitz,Jul. 27, 1993). This development ensued proceeding from theidentification and signature of the U.S. Pat. No. 4,995,081 (Leighton,et al., Feb. 19, 1991) and proceeding from the key exchange according toU.S. Pat. No. 4,200,770 (Hellman, et al., Apr. 29, 1980) or from the ElGamal method (El Gamal, Taher, “A Public Key Cryptosystem and a SingularScheme Based on Discrete Logarithms”, 1 III Transactions and InformationTheory, vol. IT-31, No. 4, July 1985), all of which are expresslyincorporated herein by reference.

U.S. Pat. No. 6,041,704 (Pauschinger, Mar. 28, 2000), expresslyincorporated herein by reference, relates to a public keyinfrastructure-based digitally printed postage system. See also, U.S.Pat. No. 6,041,317 (Brookner, Mar. 21, 2000), U.S. Pat. No. 6,058,384(Pierce, et al., May 2, 2000) and European Patent Application 660 270,expressly incorporated herein by reference, which apply encryptedpostage markings to mail. U.S. Pat. No. 5,953,426 (Windel, et al. Sep.14, 1999), expressly incorporated herein by reference, discloses aprivate key method for authenticating postage markings. A dataauthentication code (DAC) is formed from the imprinted postage message,this corresponding to a digital signature. The data encryption standard(DES) algorithm disclosed in U.S. Pat. No. 3,962,539 (Ehrsam et al.,June. 1976) is thereby applied, this being described in FIPS PUB 113(Federal Information Processing Standards Publication).

The data in the deciphered message includes a set of unique or quasiunique characteristics for authentication. In this scheme, the encodingparty need not be informed of the verification procedure.

Typical encryption and document encoding schemes that may beincorporated, in whole or in part, in the system and method according tothe invention, to produce secure certificates and/or markings, aredisclosed in U.S. Pat. No. 5,422,954 (Berson, Jun. 6, 1995); U.S. Pat.No. 5,337,362 (Gormish, et al. Aug. 9, 1994); U.S. Pat. No. 5,166,978(Quisquater, Nov. 24, 1992); U.S. Pat. No. 5,113,445 (Wang, May 12,1992); U.S. Pat. No. 4,893,338 (Pastor, Jan. 9, 1990); U.S. Pat. No.4,879,747 (Leighton, et al., Nov. 7, 1989); U.S. Pat. No. 4,868,877(Fischer, Sep. 19, 1989); U.S. Pat. No. 4,853,961 (Pastor, Aug. 1,1989); and U.S. Pat. No. 4,812,965 (Taylor, Mar. 14, 1989), expresslyincorporated herein by reference. See also, W. Diffie and M. E. Hellman,“New directions in cryptography”, IEEE Trans. Information Theory, Vol.IT-22, pp. 644-654, November 1976; R. C. Merkle and M. E. Hellman,“Hiding information and signatures in trapdoor knapsacks”, IEEE Trans.Information Theory, Vol. IT-24, pp. 525-530, September 1978; Fiat andShamir, “How to prove yourself: practical solutions to identificationand signature problems”, Proc. Crypto 86, pp. 186-194 (August 1986);“DSS: specifications of a digital signature algorithm”, NationalInstitute of Standards and Technology, Draft, August 1991; and H. Felland W. Diffie, “Analysis of a public key approach based on polynomialsubstitution”, Proc. Crypto. (1985), pp. 340-349, expressly incorporatedherein by reference.

In order to provide enduring authentication, it may be desired thatmultiple codes, containing different information in different schemes,be encoded on the object, so that if the security of one code isbreached or threatened to be breached, another, generally more complexcode, is available for use in authentication. For example, a primarycode may be provided as an alphanumeric string of 14 digits. Inaddition, a linear bar code may be inscribed with 128-512 symbols. Afurther 2-D array of points may be inscribed, e.g., as a patternsuperimposed on the alphanumeric string by slight modifications of theplacement of ablation centers, double ablations, laser power modulation,and other subtle schemes which have potential to encode up to about 1k-4 k symbols, or higher, using multi-valued modulation. Each of theseincreasingly complex codes is, in turn, more difficult to read anddecipher.

As is known from U.S. Pat. No. 5,932,119 (Kaplan, et al., Aug. 3, 1999),intrinsic imperfections or perturbations in the marking process may beexploited for authentication. Thus, a pattern may be provided which canbe analyzed, but for which techniques for copying are generallyunavailable. Thus, a marking pattern, even applied using standard means,may provide an opportunity for counterfeit resistant featureidentification.

In like manner, intentional or “pseudorandom” irregularities (seeminglyrandom, but carrying information in a data pattern) may be imposed onthe marking, in order to encode additional information on top of anormally defined marking pattern. Such irregularities in the markingprocess may include intensity modulation, fine changes in markingposition, and varying degrees of overlap of marked locations. Withoutknowledge of the encoding pattern, the positional irregularities willappear as random jitter and the intensity irregularities will appearrandom. Because a pseudorandom pattern is superimposed on a random noisepattern, it may be desirable to differentially encode the pseudorandomnoise with respect to an actual encoding position or intensity ofpreviously formed markings, with forward and/or backward errorcorrecting codes. Thus, by using feedback of the actual marking patternrather than the theoretical pattern, the amplitude of the pseudorandomsignal may be reduced closer to the actual noise amplitude whileallowing reliable information retrieval. By reducing the pseudorandomsignal levels and modulating the pseudorandom signal on the actualnoise, it becomes more difficult to duplicate the markings, and moredifficult to detect the code without a priori knowledge of the encodingscheme.

A number of authentication schemes may be simultaneously available.Preferably, different information is encoded by each method, with themore rudimentary information encoded in the less complex encodingschemes. Complex information may include spectrophotometric data, andimage information. Thus, based on the presumption that deciphering ofmore complex codes will generally be required at later time periods,equipment for verifying the information may be made available only asnecessary.

Known techniques for using ID numbers and/or encryption techniques topreventing counterfeiting of secure certificates or markings aredisclosed in U.S. Pat. No. 5,367,148 (Storch, et al., Nov. 22, 1994);U.S. Pat. No. 5,283,422 (Storch, et al. Feb. 1, 1994); and U.S. Pat. No.4,814,589 (Storch, et al., Mar. 21, 1989), expressly incorporated hereinby reference.

In addition to being analyzed for information content, i.e., themarkings, the object image may also be compared with an image stored ina database. Therefore, based on a presumptive identification of anobject, an image record in a database is retrieved. The image of thepresumptive object is then compared with the stored image, and anydifferences then analyzed for significance. These differences may beanalyzed manually or automatically. Where a serial number or other codeappears, this is used to retrieve a database record corresponding to theobject that was properly inscribed with the serial number or code. Wherethe code corresponds to characteristics of the object and markings, morethan one record may be retrieved for possible matching with theunauthenticated object. In this case, the information in the databaserecords should unambiguously authenticate or fail to authenticate theobject.

U.S. Pat. No. 5,974,150 (Kaish, et al., Oct. 26, 1999), expresslyincorporated herein by reference, relates to a system and method forauthentication of goods. An authentication system is provided based onuse of a medium having a plurality of elements, the elements beingdistinctive, detectable and disposed in an irregular pattern or havingan intrinsic irregularity. Each element is characterized by adeterminable attribute distinct from a two-dimensional coordinaterepresentation of simple optical absorption or simple optical reflectionintensity. An attribute and position of the plurality of elements, withrespect to a positional reference is detected. A processor generates anencrypted message including at least a portion of the attribute andposition of the plurality of elements. The encrypted message is recordedin physical association with the medium. The elements are preferablydichroic fibers, and the attribute is preferably a polarization ordichroic axis, which may vary over the length of a fiber. Anauthentication of the medium based on the encrypted message may beauthenticated with a statistical tolerance, based on a vector mapping ofthe elements of the medium, without requiring a complete image of themedium and elements to be recorded.

U.S. Pat. No. 5,592,561 (Moore, Jan. 7, 1997), incorporated herein byreference, suggests a system that provides an authenticating,tracking/anti-diversion, and anti-counterfeiting system that can trackvarious goods. The system includes a control computer, a host computer,a marking system, and a field reader system, which are all compatibleand can be physically linked via data transmission links. Anidentifiable and unique mark is placed on each good, or on materials outof which the goods are to be made, which enables subsequent inspection.The marks or patterns include areas where a marking agent is applied inan encrypted pattern and areas where it is not applied. The pattern canbe scanned or captured by a reader and deciphered into encoded data. Theentry can then either be compared directly to a set of authentic entrieson a database or decoded and compared to a set of data on the centrallylocated host database. The marking system provides control overimprinting, allowing a limited number of authorized codes to be printedbefore reauthorization is required. In order to provide markingvalidation, a camera captures images of imprints. After imprinting ofthe encoded marking, an image of the marking is obtained and centrallyauthenticated as a valid code, which may be stored in a database alongwith stored pertinent information pertaining to this specific product.Monitoring of the marked goods is facilitated by including a uniqueencrypted pattern having, for example, a unique owner identifier, aunique manufacturer identifier, a unique plant identifier, a uniquedestination identifier, and time and date information.

U.S. Pat. No. 5,367,319 (Graham, Nov. 22, 1994), incorporated herein byreference, provides a system wherein an object, such as currency, israndomly marked, such as with an ink jet printer. Counterfeiting of theobject by copying is detected by sensing duplication of the randompattern.

U.S. Pat. No. 5,499,924 (Berson, et al., May 30, 1995), incorporatedherein by reference, relates to a digital camera with an apparatus forauthentication of images produced from an image file. U.S. Pat. No.5,351,302 (Leighton, et al., Sep. 27, 1994), incorporated herein byreference, relates to a method for authenticating objects based on apublic key cryptography method encoding an ascertainable characteristicof the object, such as a serial number.

U.S. Pat. No. 5,574,790 (Liang, et al., Nov. 12, 1996), incorporatedherein by reference, provides a multiple-reader system forauthentication of articles based on multiple sensed fluorescentdiscriminating variables, such as wavelengths, amplitudes, and timedelays relative to a modulated illuminating light. The fluorescentindicia incorporates spatial distributions such as bar codes asdiscriminating features, to define a user-determined and programmableencryption of the articles' authentic identity.

U.S. Pat. No. 5,426,700 (Berson, Jun. 20, 1995), incorporated herein byreference, provides a public key/private key system for verification ofclasses of documents, to verify the information content thereof. U.S.Pat. No. 5,420,924 (Berson, et al. May 30, 1995), and U.S. Pat. No.5,384,846 (Berson, et al., Jan. 24, 1995), incorporated herein byreference, provide secure identification cards bearing an image of theobject to be authenticated. U.S. Pat. No. 5,388,158, incorporated hereinby reference, provides a method for making a document secure againsttampering or alteration.

U.S. Pat. Nos. 5,191,613, 5,163,091 (Graziano, et al., Nov. 10, 1992),U.S. Pat. No. 5,606,609 (Houser, et al., Feb. 25, 1997), and U.S. Pat.No. 4,981,370 (Dziewit, et al., Jan. 1, 1991), incorporated herein byreference, provide document authentication systems using electronicnotary techniques. U.S. Pat. No. 6,049,787 (Takahashi, et al., Apr. 11,2000), U.S. Pat. No. 5,142,577 (Pastor, Aug. 25, 1992), U.S. Pat. No.5,073,935 (Pastor, Dec. 17, 1991), and U.S. Pat. No. 4,853,961 (Pastor,Aug. 1, 1989), incorporated herein by reference, provide digital notaryschemes for authenticating electronic documents.

U.S. Pat. No. 4,816,655 (Musyck, et al., Mar. 28, 1989), incorporatedherein by reference, provides a document authentication scheme whichemploys a public key-private key scheme and which further employsunscrambled information from the document.

U.S. Pat. No. 4,637,051 (Clark, Jan. 13, 1987), incorporated herein byreference, provides a system for printing encrypted messages which aredifficult to forge or alter.

U.S. Pat. No. 4,630,201 (White, Dec. 16, 1986), incorporated herein byreference, provides an electronic transaction verification system thatemploys random number values to encode transaction data.

U.S. Pat. No. 4,463,250 (McNeight, et al., Jul. 31, 1984), incorporatedherein by reference, provides a method for detecting counterfeit codesbased on a low density coding scheme and an authentication algorithm.

See also, U.S. Pat. No. 4,150,781 (Silverman, et al., Apr. 24, 1979);U.S. Pat. No. 4,637,051 (Clark, Jan. 13, 1987); U.S. Pat. No. 4,864,618(Wright, et al., Sep. 5, 1989); U.S. Pat. No. 4,972,475 (Sant' Anselmo,Nov. 20, 1990); U.S. Pat. No. 4,982,437 (Loriot, Jan. 1, 1991); U.S.Pat. No. 5,075,862 (Doeberl, et al., Dec. 24, 1991); U.S. Pat. No.5,227,617 (Christopher, et al., Jul. 13, 1993); U.S. Pat. No. 5,285,382(Muehlberger, et al., Feb. 8, 1994); U.S. Pat. No. 5,337,361 (Wang, etal., Aug. 9, 1994); U.S. Pat. No. 5,370,763 (Curiel, Dec. 6, 1994); U.S.Pat. No. 4,199,615 (Wacks, et al., Apr. 22, 1980); U.S. Pat. No.4,178,404 (Allen, et al., Dec. 11, 1979); U.S. Pat. No. 4,121,003(Williams, Oct. 17, 1978), U.S. Pat. No. 5,422,954 (Berson, Jun. 6,1995); U.S. Pat. No. 5,113,445 (Wang, May 12, 1992); U.S. Pat. No.4,507,744 (McFiggans, et al., Mar. 26, 1985); and EP 0,328,320,incorporated herein by reference.

Thus, there remains a need for a system and method for systems andmethods for authenticating goods, including portable authenticationdevices. Heretofore, such systems have had various shortcomings.

Anticounterfeiting Systems for Objects

U.S. Pat. No. 6,005,960, herein incorporated by reference, provides ananti-counterfeiting system wherein a system and method of marking goodsfor authentication and tracking purposes is described. A central controlunit enables the system by providing an allotment of goods to a hostunit. The host unit directs marking terminals to mark particular goodswith specific information coding symbols. Goods are either markeddirectly or are identified by means of affixed features which are markedwith encoding symbols either prior to, or subsequent to, affixing to thegoods. Following marking, goods of fixtures are scanned to ensure propermarking and then packaged for shipment, and/or they can be checked byilluminating the symbols marked thereon and cross referencing this datawith the host database by using a field reading unit.

U.S. Pat. No. 4,397,142, herein incorporated by reference, describescoded threads and sheet materials for making such threads useful incounterfeit-inhibiting garments. The sheet material comprisestransparent microspheres, a specularly reflective layer underlying themicrospheres, and a polymeric layer underlying the specularly reflectivelayer and containing particulate matter which may be varied from sheetmaterial to sheet material to encode information and allowidentification of the sheet material. The sheet material is split innarrow widths and incorporated into threads.

U.S. Pat. No. 4,527,383, herein incorporated by reference, describes athread which comprises a polymeric material onto which has been fixed asymbol or repeating multiple symbols which are detectable and readableunder magnification. When incorporated into garments or garment labels,this thread is useful in identifying the true manufacturer of the goods,and the absence of such threads would help in the detection ofcounterfeit goods.

U.S. Pat. No. 5,956,409 discloses a method and system for the secureapplication of seals. An optical image of a seal is recorded by acomputer and encrypted using a key for encryption generated in responseto template biometric data from the authorized persons. When a personseeks to use the seal, for example to apply the seal to a document orlabel, test biometric data is input from that person and used togenerate a key for decryption. If the test biometric data matches thetemplate biometric data, the key for decryption will be useful fordecrypting the encrypted seal, and the person seeking access to theseal. The test biometric data represents a handwritten signature givencontemporaneously by the person seeking access, and is verified againsta set of template signatures earlier given by at least one authorizedperson. Specific signature features are determined in response to thetemplate signatures and used for generating one or more keys forencrypting the seal. Similarly, specific signature features aredetermined in response to the test signature and used for generatingkeys for decrypting the seal. Features are embedded in the optical imageof the seal, or in the printed seal in the event that the document orlabel is physically printed, which demonstrate to a person examining thedocument that the seal is genuine. These features includemicro-embedding of biometric data or specific features determined inresponse thereto, or even the embedding of dichroic fibers in orpatterns thereon.

There remains a need, however, for improved authentication systems andmethods, providing both logical (algorithmic) security as well asphysical impediments to counterfeiting.

SUMMARY AND OBJECTS OF THE INVENTION

The present invention provides, in a first embodiment, an encodedwatermark, which includes self-authentication information. That is, aphysical process is applied to the paper stock which alters itsproperties, typically including an optical property. This physicalprocess typically requires special equipment, and is irreversible, inthe sense that it would be quite difficult to change the coded watermarkon an already engraved and printed certificate or bill. The coding ispreferably cryptographically secure, and thus creating or forging thecoding requires further information. The watermark preferably encodes acharacteristic of the stock which is random and difficult to copy, suchas a fiber pattern.

Typically, a watermark is impressed on a web of paper in a later stageof processing before it is dried. At this time, the reading of thelocation and orientation of bulk cellulose fiber patterns while the webis being processed and before it is calendared would be quite difficult.On the other hand, it would be possible to read the location andorientation of relatively low density optically contrasting fibers, suchas dyed nylon threads, as the web is moving at high speeds.

Thus, according to one aspect of the invention, the web is scanned forthe location of randomly distributed and optically apparent featureswhich are relatively fixed in location and orientation while still beingmanufactured. This information is then used to establish a dynamicallyreconfigurable watermark pattern, for example using a set of binary,ternary or quarternary displaceable pins in a one or two-dimensionalpattern, in an area of the web near the features which are beingencoded. In this way, the watermark becomes a coded self-authenticationfeature for the stock. If the code is cryptographically secure, then acounterfeiter would have to both be able to reproduce the paper-makingconditions to provide a suitable watermark, and have the algorithm forgenerating the proper code.

Alternately, a different type of watermark may be used. For example, areactive cross-linking agent could be used to selectively change thechemical nature of the cellulose regionally, to form a printer code.Likewise, a polymerizable material may be applied and cured to form apermanent pattern. While these processes themselves are not highlycounterfeit resistant, the marking may be cryptographically encoded andirreversibly applied.

It is also noted that in stocks which have security threads, such as themetallized polyester film used in new U.S. currency, the stock itself isformed of two laminated sheets. This, in turn, theoretically allows aprocess to be applied to the interface between the sheets. Sincecurrency stock is highly controlled and itself difficult to reproduce, acoded marking formed in this spaced would also have security attributesbeyond an analogous marking formed on the external surface of the stock.

According to an aspect of the invention, for each piece of monetarycurrency, identification document, other document, or other physicalarticle, an identifier is created comprising encrypted and/or graphicinformation, where the identifier can be read or determined by a manualor automatic process at each of its occurrences. Preferably, theidentifier is physically and/or algorithmically self-authenticating,meaning that the marking associated with the object would, after carefulinspection, normally be expected to come only from an authorized source.The information in the identifier may be logically associated with someproperty or properties of some zone of or the entire substrate beingidentified, which may be homogeneous and/or heterogeneous in itscomposition. With respect to paper currency in particular, the preferredfeatures to be encoded are optically readable and randomly determined bya stochastic physical process, have a relatively low density in thewhole, are relatively stable over time in their optical properties,position and orientation, and themselves comprise an authenticationfeature, i.e., are themselves not readily duplicated to form acounterfeit. The identifier preferably is cryptographically encoded, forexample using a hash, such as the known MD5 and SHA-1 algorithms, or apublic-key infrastructure (PKI) scheme, such as available from RSA.Clearly, strong encryption may be used to provide enhanced security.

It is noted that, while the preferred physical authentication feature isan optically scannable low density fiber pattern, other features may beencoded. For example, high density patterns such as a relation ship ofcellulose fibers in a small region, an optical reflection pattern ofdichroic flecks in printed portions of the bill, a polymer fiber pattern(which may be clear or invisibly dyed), or other pattern may beemployed. It is most useful when the feature itself is difficult oressentially impossible to copy, and the original production of anidentifier requires information unavailable to the counterfeiter, suchas an encryption key. Further preferred is that the identifier itself isprovided on the substrate in a manner which is difficult to replicate ororiginally produce.

Preferably, the authentication scheme according to the present inventionsupports both manual inspection and automated authentication. Thus,features comprising the identification are preferably machine readable,and more preferably optically scannable. One set of embodiments of theinvention permit standard optical raster scanning of the features to beauthenticated and the authentication code, while other set ofembodiments require further information beyond a chroma-luminance map ofthe object. For example, dichroic patterns, fluorescence, spectralabsorption, transmittance or reflection patterns, or the like, may bematerial.

A separate aspect of the invention provides increased security forcurrency. It is well known that currency typically circulates a numberof times before being retired. That is, it is transferred between anumber of persons or businesses. Often, the bills circulate throughbanks, and may include central banks.

In banks and central banks, an environment exists wherein currency ismachine-counted and analyzed, at least in a simple manner, to detectworn bills, and possibly counterfeits. This process step provides aparticular opportunity to provide more sophisticated analysis of thebills, and further to update information recorded on the bill. Forexample, this information may include an updated authentication profile,tracking history, and the like. This allows an investigator to reviewdetailed information the bill off-line, and without requiring real-timeaccess to a centralized database of such information. Likewise, such asystem allows circulating bills to be “updated”, and therefore permitsreplacement of insufficiently secure authentication information, andcorrection for degradation, wear and distortion of the currency.

A further aspect of the invention provides a system and method forimposing or imprinting a marking on an embedded strip within a papersheet. For example, US currency includes a narrow metallized polyesterfilm ribbon which has a metallization pattern which conveys the currencydenomination. This film may be additionally encoded with variouspatterns, for example by laser, electrical or thermal ablation, photonicsubstrate modification, or the like. For example, in like manner to theembodiments set forth above, an encoded message may be provided on thepolyester film, which may be read using optical or other means. Sincethe polyester ribbon is dimensionally and environmentally stable, themarking may be microscopic, and reliably read without a high degree ofredundancy or a substantial overhead of error correcting codes, whichmay be required for markings which are subject to wear, distortion, orpartial obliteration.

Preferably, the currency is scanned using a suitable scanner todetermine a unique characteristic, such as a low-density fiber pattern.The pattern is then cryptographically processed and turned into a binarycode. A laser is then controlled to mark the polyester film with thebinary data representing the cryptographic authentication code.

On order to authenticate the bill, the stock is scanned, whichpreferably also acquires the laser marking pattern on the polyesterribbon. If the security feature, for example, a dichroic fiber, then thescanner also analyzes the polarization patterns to detect the dichroism.Likewise, other feature-specific attributes may also he measured forauthentication. The encoded information is then analyzed using anappropriate algorithm, to ensure that the encoded message corresponds,to within a desired degree of certainty, and allowing for limitations onthe precision of measurement and likely variations in the currency stockover time, to the security features determined to be actually present.If the self-authentication scheme does not verify the bill, a furtheranalysis may be performed, out of the ordinary processing stream. On theother hand, normally verified bills may be processed with highthroughput.

As noted above, an annotation may also be printed on the bill, forexample a two-dimensional code using infrared fluorescent ink in anunprinted margin of the bill. In this case, the scanner determines thecontent and location of any prior markings, which may then also beanalyzed, and the printer places a new marking in a next-availablelocation. Bills for which there remains no available marking locationsmay be retired, remain unchanged, or subject to a different parkingscheme. It may also be possible to bleach off relatively old markings tomake room for new markings. Using a 150 dpi marking scheme, in a quarterinch margin approximately 500 bits per inch raw data may be recorded. If250 bits are required for each marking, and the margin is six incheslong, a total of 12 markings are possible. If, however, an incrementalmarking update requires only 64 bits, then many more increments may bepermitted.

For example, the initial marking includes an encoding of all or aselected portion of the randomly disposed security feature(s). If theencoding is a subset, then the encoding also defines the subset, orpermits authentication based on a full bill scan. The encoding alsopreferably includes the bill serial number, to ensure correspondencewith the printer serial number. Other information, such as theidentification of the particular scanner or a production lot may also beincluded. The data is then encrypted using a hash or PKI scheme, orother cryptographic scheme, and error correction and detection codesincluded. Preferably, an ink-jet printer with a permanent ink is used toapply the marking. The ink is preferably an infrared fluorescent dye, sothat the marking is mostly invisible to the naked eye.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described with respect to the drawings of theFigures, in which:

FIG. 1 is a schematic of the authentication process using a hand-heldscanner according to the present invention;

FIG. 2 is a thermal transfer medium before thermal transfer;

FIG. 3 is a thermal transfer medium of FIG. 2 in the process of formingan image by thermal transfer;

FIG. 4 is a perspective view illustrating the main portion of thepattern thermal transfer printer as contemplated by the presentinvention;

FIG. 5 is a schematic process illustration depicting the determinationand reading of dichroic fiber polarization;

FIG. 6 is an example of an authentication certificate with severallevels of security;

FIG. 7A is an example of authenticating bi-layer tape according to thepresent invention used to seal goods;

FIG. 7B is a view of the tape of FIG. 7A with the top portion removed;

FIG. 8A is a schematic illustration of the authentication processrelating to Compact Discs and Digital Video Disks;

FIG. 8B shows the Compact Discs and Digital Video Disks of FIG. 8A withcustom dye particles thereon;

FIG. 9 is a top view of a Compact Discs and Digital Video Disk withseveral levels of security;

FIG. 10 is a Compact Discs and Digital Video Disk player containing andauthenticating a Compact Discs and Digital Video Disks with a laser;

FIG. 11 is a schematic process illustration depicting the method ofauthentication either with or without on-line authentication;

FIG. 12A shows a flow chart detailing method of determining the fiberpattern using two axes of inherent polarization of the fibers in acertificate;

FIG. 12B shows a flow chart detailing a method of authentication;

FIG. 13A shows a flow chart detailing a method of authenticationrelating to the authenticating tape of FIGS. 7A and 7B;

FIG. 13B shows a flow chart detailing a closed method of authenticationfor the tapes of FIGS. 7A and 7B;

FIG. 14A shows a flow chart detailing a method of authenticationrelating to the discs of FIGS. 8B and 9; and

FIG. 14B shows a flow chart detailing an additional method ofauthentication for the discs of FIGS. 8B and 9, whereby anon-deterministic pattern is used.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Example 1 A Processfor Dynamically Watermarking a Substrate

A support means is provided for a dynamically reconfigurable watermark,for example a paper calendering roller (in the case of a papersubstrate) or a flat press, whereby rigid members such as metal pins aresupported in a geometric array, such as a 16×16 or other square, ahexagonal tiled array, and/or in a pictorial pattern or as part of same,and/or as part of a steganographic design.

The web entering the roller is scanned optically using a bar scanner orset of bar scanners (3-8 color, one pass, 600 dpi) to determine a randompattern of security features in the web.

A processor then processes the image to extract the security featuresand encodes them into a pattern suitable for controlling the dynamicallyreconfigurable watermark. This pattern may also include a serial numberpattern. The scanned pattern (or processed representation thereof)and/or watermark may also be stored in a database indexed to the stock,which for example, may already have a serialization pattern established.

An actuation means whereby said rigid members are individually motivatedby command toward the substrate to be marked, such as paper of celluloseand/or other polymeric materials. Example of such actuation means may besolenoids pushing or pulling the pins, magnetic fields pulling the pinsfrom the opposite side of the substrate to be marked, or pneumaticactuactors, and/or mechanical actuators such as by gears and pins (forexample in analogy to striking a piano string and/or the pneumaticmechanism of a player piano). The patter may be binary actuation, or ahigher order encoding. In the case of higher order encoding, thealgorithm preferably takes into consideration a neighboring elementanalysis to enhance reading reliability and correct for “intersymbolinterference”, the interrelation of a status of one data symbol with theread value of another data symbol.

An interface is provided to control actuation of the rigid members. Thismay be a computer interfaced actuation controller, an intermediatemechanical programmer which is itself logically interfaced, or directkeyboard or human graphic user interface logical input, or by some othersoftware designed to record by way of watermark some optical, magnetic,electronic, conductive/resistive, capacitive, chemical and/or somephysical property or properties of the substrate, and/or some otherinformation selected for identification and/or authentication and/ortracking or said substrate.

As stated above, this characteristic is preferably subject to randomvariations and is difficult to copy, this making it useful as a securityfeature and making the marking useful for self-authentication.

It is also possible for the rigid members to apply heat and/or light inaddition to or separately from pressure to the substrate. The heat orlight may, for example, modify or cure components of the object to bewatermarked. Likewise, a post-process may be employed to preventmodification or unintended degradation of the watermark afterimplementation.

The “watermark” may also be a chemical or spectroscopically or opticallydetectable pattern generated by pressure-sensitive components within orupon the substrate, such as by microspheres containing ink visually ornot visually detectable. Thus, the watermark need not be a truewatermark imposed on the stock prior to or during the final calendaringstep, and may be provided separately from the papermaking processitself.

The “watermark” may also be a chemical, or spectroscopically oroptically detectable pattern generated by heat sensitive componentswithin or upon the substrate.

Likewise, an optically induced “watermark” may be provided wherein thepattern is produced by photochemical interaction with laser generated orother light, and the substrate is optionally subsequentlyde-photoactivated (i.e. fixed).

Example 2 A Process for Self-Authenticating or Tracking CirculatedDocuments where Physical and/or Chemical Properties of a Given Documentcan Change

The preferred system according to this embodiment comprises means formeasuring and recording properties of a given document (e.g. currencybill) upon the document. Thus, self-authentication schemes aresupported.

A processor capable of encrypting the properties is employed, which maybe a general purpose processor or special cryptoprocessor.

A printer is provided for over-printing machine readable or otherinformation upon the document, by use of visible or invisible inks,electrically conductive or insulating chemicals/inks, or magnetic ink.The form of the information could be a digital array (e.g. data matrix),bar code, picture, or a set of alphanumeric symbols. Readability can becaused by optical contrasts, magnetic or electrically capacitivecontrasts, as a result of the overprinting, comprising a pattern inlogical association with said document properties.

The printer is optionally integrated with a reader or scanner, but neednot be so.

The reader detects the physical parameters of the information fieldsbased upon utilized fields of standardized geometry, or based uponinformation within or in association with said fields. The reader can bean optical, electrical or magnetic array sensor or imager.

A registration device may be used to advance the document within theprinter, or the printing head within the printer, such that after anauthentication of the document new information can be printed upon saiddocument in a sequentially defined area, within an assigned printingzone, for example the border of a currency bill, in a manner to produceone or more printed fields each time the document is authenticated. Thereader reads the imprinting, and therefore also defines a sequentialunmarked region in which a subsequent marking is placed.

Preferably, a feature of the bill includes dichroic fibers, which havean anisotropic optical property. The polarization axis of the fibers isgenerally aligned with the long axis of the fibers, and thus it isrelatively easy to distinguish a true dichroic fiber from a printedindicia, by analyzing light polarization properties of a fluorescentemission. During an initial encoding, all fibers may be presumed to bedichroic (unless the absence of dichroism of a fiber is itself asecurity feature), so during initial production, this step may bedispensed with. On the other hand, field authentication preferablyverifies dichroicity of the fibers to guard against simplechroma-luminance copying (e.g., color xerography) of an authentic bill.

An encryption system may be employed to provide and encode updatedauthentication information, optionally together with additionalinformation, which is then printed on the bill in a sequential unmarkedregion.

For verification, a scanner reads the encoded information, as well asthe security features, and confirms correspondence. The updated code mayalso describe changes in the bill, such as loss of certain surfacefibers, dirt, fingerprints, chemical residue, or the like, which may beuseful for tracking the bill and subsequent authentications.

A centralized database may also store a copy of the scan or informationderived therefrom, the set of markings on the bill, and otherinformation. Preferably, any such centralized database is not requiredfor normal authentications, and is used interactively only inexceptional cases. On the other hand, batch processing using thecentralized database may be useful to detect trends and significantthreats to the currency supply, such as by “super counterfeits”.

Example 3

A polymer ribbon is incorporated into currency stock in known manner, inaddition to the existing polyester ribbon. This ribbon is speciallyadapted to be reliably written to with information after it is withinthe bill of currency, to add information logically associated with someproperty of the individual piece. This ribbon may incorporate writableoptical disk technology, holographic storage technology, or respond tooptical, thermal, magnetic or electrical energy to record a pattern.

The ribbon or thread can, for example, be composed of a material subjectto a fixable change in optical or electrical properties by sandwichingthe bill between an appropriate electrode/nanoelectrode array. Forexample, a fixable or non-fixable photosensitivity to a specificcombination of photons could be employed, e.g., dual photon capture.Further, a chemical could be released in an appropriate pattern by somecombination of these processes or by heat and/or pressure that can bringabout a machine readable patterned change in properties of the thread.Thus, the chemical composition of the ribbon or thread may be itself asecurity feature.

Example 4

The above-discussed techniques may be advantageously combined, alone orin combination, with other techniques, as described in further detailbelow:

A first preferred embodiment of the invention employs dichroic fibers,as disclosed in U.S. Pat. No. 6,035,914 (Ramsey, et al., Mar. 14, 2000)and U.S. Pat. No. 5,974,150 (Kaish, et al., Oct. 26, 1999). These fibershave properties that are readily distinguished from most types ofimprinted patterns, and further may be dispersed in a non-deterministicmanner on a substrate. Thus, fiber pattern in a substrate may be used asa basis for authentication.

A second preferred embodiment employs one or more proprietary dyes whichare withheld from public availability. These dyes may be selected havingdesired distinctive optical properties which are readily detectable.Therefore, by detecting the spectrographic properties of the dye, theobject on which the dye is deposited may be authenticated.

The techniques according to the present invention are not limited to thepreferred embodiments, and therefore various known security features andtechniques may be employed to provide a secure authentication system.

The present invention also provides authentication apparatus forverifying authenticity of media according to the present invention.

In the case of a dichroic fiber, the authentication system provides anoptical system that reads an optical image of the fibers while apolarization property of incident light is varied. The light from thefibers is then analyzed to verify that the pattern results from fibershaving dichroic properties. The pattern of the fibers is then comparedwith a pattern determine during a pre-authentication step, which may bestored in an encrypted message imprinted on the media, or storedremotely and recalled during an on-line authentication procedure.

In order to provide improved authentication and avoidance ofcounterfeiting the present invention utilizes fluorescent dichroicindicators. Materials that are dichroic may have different absorptioncoefficients for light (i.e., electromagnetic energy, typically rangingfrom infrared to ultraviolet wavelengths) polarized in differentdirections. When the energy of the incident photon (polarization)corresponds to the absorption transition of the molecule, theinteraction between the absorbing dipole and the incident photon islargest and high absorption of incident photons is observed. This energyis, for example, re-emitted by a fluorescent molecule with the plane ofpolarization of the emitted photons aligned with the emitting dipole ofthe fluorescent molecule. Most molecules have the absorbing and emittingdipole approximately collinear. When the polarization of the excitinglight is collinear with the absorption dipole, the fluorescent emissionwill be highest. Light polarized normal to the absorbing dipole, on theother hand, is not absorbed to a great extent, hence, the resultingemitted intensity from this absorption is low. Where the light source isnot polarized, the dichroism of each fiber will result in respectivepolarized reflection, transmission, and emission.

According to a preferred embodiment, an authentication indicatorcomprises a dichroic material. Preferably, the dichroic material willexhibit a high degree of dichroism. It is not important, however, inwhat form the dichroic materials are introduced into the media beingauthenticated. For example, there may be situation where authenticationis facilitated by using dichroic indicators in the form of ribbons,rectangles, pyramids, spheres, etc. As long as the indicator's dichroismis reasonably preserved during formation of the article (i.e.,incorporation of the dichroic indicators with the article), theshape/form of the dichroic indicator is not important. A preferred formfor the dichroic indicator is a fiber. Fibers may advantageously be usedto incorporate the desired dichroic behavior into the article sincefibers may be incorporated within many processes without detriment tothe process (e.g., paper making, weaving, sewing) or dichroic fiber. Thefibers may have widely varying cross-sections and lengths. Essentiallythe only requirement is that the configuration of the fiber not disruptthe underlying manufacturing process (e.g., with aerosol applicationsthe fibers must be sufficiently small to be sprayed). Where otherwisefeasible, the dichroic fibers are somewhat elongated since elongatedfibers are easier to identify within a matrix of material and canpotentially provide more data that shorter fibers (e.g., since differentpoints along the length of a long fiber may be more or less obscured bypaper fibers, be closer to or further from the paper surface, etc., andhence, exhibit more or less dichroism). Finally, in some circumstancesit may be possible to use fibers of uniform lengths to provide easilyverifiable data points—i.e., when inquiring whether a marked article isauthentic, one can quickly see if fibers of appropriate lengths arepresent. Synthetic polymer materials are preferred for the fibermaterial, e.g., Nylon 6,6. A wide variety of acceptable indicatormaterials are available at very low cost. For example, polyesters,polyamides, poly(amide-imides) and poly(ester-imides) can be madebirefringent. Examples of polymers used in preparing the stretched filmshaving a positive intrinsic birefringence include polycarbonates,polyarylates, polyethylene terephthalate, polyether sulfone,polyphenylene sulfide, polyphenylene oxide, polyallyl sulfone,polyamide-imides, polyimides, polyolefins, polyvinyl chloride, celluloseand polyarylates and polyesters. Examples of negative intrinsicbirefringence stretched films include styrene polymers, acrylic esterpolymers, methacrylic ester polymers, acrylonitrile polymers, andmethacrylonitrile polymers.

Suitable dyes, where necessary or desired, include naphthalimides,coumarins, xanthenes, thioxanthines, naphtholactones, azlactones,methines, oxazines, and thiazines. Rhodols, Rhodamines (See, U.S. Pat.No. 5,227,487, and U.S. Pat. No. 5,442,045), fluoresceins, and flavinesare preferred for visible fluorescence. In using dyes, it should beapparent that instead of employing a single dye or modulating thecontent of a single dye, a plurality of distinct dyes may be added tothe fiber matrix, potentially providing distinct and relativelyorthogonal coding schemes. For example, Molecular Probes' Alexa dyeseries includes five fluorescent dyes, typically used to preparebioconjugates. The absorption spectra of these five spectrally distinctsulfonated rhodamine derivatives—Alexa 488, Alexa 532, Alexa 546, Alexa568 and Alexa 594 dyes—match the principal output wavelengths of commonexcitation sources, thus allowing multicolor coding. Of course, variousother dyes or compatible sets of dyes may be employed.

Fluorescent resonant energy transfer (FRET) techniques may also be usedto label fibers and detect labeling. It is noted that dichroism is notnecessary, especially where a complex optical effect, such asfluorescence or FRET is present. Again, by combining techniques, moreefficient coding and greater difficulty in counterfeiting fibers isprovided.

The dichroic agent can be brought into association with the indicator ina variety of ways. In order to maximize the dichroism, the dichroicagents (e.g., molecules of dye) are aligned maximally; non-dichroism isachieved by a random distribution of dye molecules. Typically, the dyealignment is achieved by a stretching of the polymer matrix duringmanufacture, which alters an anisotropy and alignment of polymer chains.The dye is interspersed or linked to the chains, and thus is alignedsimultaneously. If the fiber is selectively stretched, or selectivelyannealed after stretching, spatial variations in dichroism will beapparent. The dye may also be bleached, e.g., photobleached, in asecondary process. Since many dyes have a narrow band absorption, suchdyes may be selectively bleached, allowing independent control overspatial dye concentration. Heating, or other annealing processes, aretypically not selective, and alter the crystalline structure of theentire portion of the fiber. Such selective heating is possible, forexample, with infrared laser diodes or even infrared LEDs.

Preferably, when simple fibers are used as the indicator, the dichroicmarking material is aligned along the length of the fiber. In this waythe fibers will have very different emission spectra (i.e., with respectto intensity) when excited with light polarized parallel versusperpendicular to the fiber axis, assuming the absorption dipole is alongthe fiber axis. In general, the absorption dipole of the fluorescentmarking molecule will not be perfectly aligned with the fiber axis. Thisis permissible, but it is preferred that the absorption dipole is nearlyparallel or orthogonal to the fiber axis.

Where more complex fibers are employed, preferably the transitionsinvolve polarization rotation between extremes. For example, the fibersmay be “squished” along 90 degree-displaced axes along its length. Othertechniques may be used to selectively orient the molecules in the fiber,for example using magneto-optic recording techniques.

The marking material (e.g., a fluorescent dye) may be associated withthe indicator material (e.g., fibers) during formation (i.e., themarking material may be incorporated within the indicator itself), orthe marking material may be added to the indicator after formation ofthe indicator. For example, when fibers are used as the indicators andluminescent dye is used as the marking material a preferred method ofassuring maximal dichroism (i.e., maximum coalignment of dye molecules)is to melt blend the fibers and dye and then stretch the fiber. Withother fiber/marking dye combinations, it may be possible to achievesatisfactory dichroism without a stretching step—e.g., by dipping thefiber in a container of dye.

The preferred dyes in the present invention are luminescent (i.e.,fluorescent or phosphorescent). More preferably, fluorescent dyes areutilized as the marking material. Phosphorescent marking materials mayalso be used, however. The appropriate dye for use in a particularapplication will depend upon the specifics of the situation. In general,most preferably a fluorescent dye is selected so that the dye'sdichroism is maximized at the intended detector wavelength. The markingdye may be tailored to quite specific applications. For example, a dyethat emits in the infrared portion of the spectrum may be used to createan authentication signature that is invisible to the eye yet easilydetected with appropriate instrumentation.

The fluorescence signal is preferably provided by a fluorescent dye orpigment doped into the fiber polymer matrix, having a long major axis toalign with the polymer chains of the fiber during the drawing process.Known dyes may be used, for example organic fluorescent dyes that haveabsorption and emission in the infrared to near-ultraviolet range. Thesedyes are also known for a variety of other uses, such as fluorescencemicroscopy, chemical detection and tagging, physical photon captureapplications, and the like. A fluorescent dye or pigment must also besufficiently stable, thermally, to withstand the fiber productionprocess as well as uncontrolled environmental exposure. Therequired/preferred concentrations of dye track those utilized in fibertechnology generally—i.e., no special processing is required to combinethe indicator and marking materials—except for perhaps an added processstep to coalign the dye molecules within/along the indicator fibers asdiscussed above.

To duplicate labels containing the fluorescent dichroic fibers, acounterfeiter would need to, among other things: duplicate thefluorescent dye used (to produce the same emission behavior at theselected detector wavelength); use fibers of the same general length andshape; and produce counterfeit label stock having the same generalnumber of fibers per a given area of paper. Any attempt to counterfeitthe fiber-containing label through a printing-based process would failsince printing would not reproduce the fibers' dichroism, and even thefluorescence would be difficult to achieve.

Thus, at higher levels of authentication, the pattern of the fluorescentdichroic fibers is detected and archived during initial processingthereof (i.e., before the label is circulated). When a particular labelis submitted for examination, a detector can be used to ascertain thefibers' position within the paper, as well as its dichroism, e.g.,polarization angle, .theta. A three-dimensional (i.e., x, y, .theta.)authentication mechanism can therefore easily be provided by using animaging device, such as a CCD imaging array, with associatedpolarizer(s). This CCD imaging array may be an area array or line-scanarray, the latter requiring a separate scanning system. The polarimetermay include fixed or rotating (variable) polarizers.

At a highest level of security and authentication, the marked label ismeasured before it is circulated to record the path (x, y),.theta.sub.lambda.x,y (polarization angle at wavelength .lambda. at aposition x,y) A.sub.lambda.x,y (specific absorption at wavelength.lambda. at a position x,y), physical disposition of the fibers withinthe media (e.g., label). It would be very difficult to duplicate theseparameters. This data, or a subset thereof, is formulated as a plaintext message and encrypted into cipher text by an encryption algorithm,such as the triple 56 bit DES encryption algorithm or the RSA publickey-private key algorithm. In the former case, the authenticationrequires a secure and trusted party, which holds a symmetric key. In thelatter case, the public key is published, and may be used to decrypt themessage to determine if it corresponds to the label characteristics.

The scanned pattern on the certificate is captured as a set of pixels,and represented internally in the image processor as an image projectedon a surface, with the surface not necessary being constrained as aplanar sheet. This processor may provide a raster-to-vector conversionprocess. The printed code is also imaged, and captured by the processor,for example by optical character recognition, bar code recognition,pattern recognition, magnetically ink coded recording (MICR) reader, orother known means. The projected image is then compared with the idealimage represented by the code printed on the certificate. A stochasticanalysis is performed of the types and magnitudes of any deviations, aswell as correlations of deviations from the ideal. The deviationpattern, as well as any other deviations from the encoded patterns,which for example represent lost or obscured fibers, noise,environmental contamination with interfering substances, errors orinterference in the original encoding process, etc., are then used todetermine a likelihood that the certificate itself corresponds to theoriginally encoded certificate. Thus, the determined authenticity isassociated with a reliability thereof, based on stochastic variations inthe properties of the authentication certificate and stochasticvariations in the generation of the associated secure code. A thresholdmay then be applied to define an acceptable error rate (false positiveand false negative) in the authentication process. The reliability ofthe authentication or a go/no-go indication is then output.

In order to avoid the requirement for encrypting an entire orsubstantial portion of a representation of an image of the certificate,the medium may be subdivided into a plurality of regions, each regionassociated with a vector, which, for example is two-dimensional or ofhigher dimensionality. The vector, which represents an irreversiblecompression of data derived from the region, is then encoded andencrypted in the encrypted message. For verification, the vector mappingis decrypted and unencoded from the recorded message. The medium is thenscanned, and an analogous vector mapping derived from the newly scannedimage. The recorded vector map is compared with the measured vector map,allowing a correlation to be determined. In this case, given the largenumber of degrees of freedom, e.g., a polarization vector for eachregion or zone, even relatively large deviations between the recordedand measured vector maps may be tolerated in the authentication process.Thus, an initial deskewing and dewarping algorithm may be use toinitially align the regional boundaries to achieve maximumcross-correlation. Such algorithms and image processing systems areknown in the art. A cross correlation of even 0.1 over tens or hundredsof degrees of freedom may be sufficient to allow highly reliableauthentication with a low number of false positives and false negatives.

The label may thus be subdivided into a plurality of zones, eachassociated with an encrypted code portion. In this case, since eachsubdivided zone stands alone, any such zone or set of zones withsufficient degrees of freedom may be used to authenticate the entirelabel. Where the zones are small or have a limited number of degrees offreedom, the reliability of authentication of the entire label by anyone zone may be insufficient. Therefore, a plurality of zones may beauthenticated, with each authenticated zone adding to the reliability ofthe resulting authentication. Any zones that fail to authenticate mayalso be weighted into the analysis, although typically with a lowerweight than zones that correctly authenticate.

The present invention therefore provides systems and methods employingself-authenticating and on-line authenticating schemes, allowingdetermination of object authenticity by evaluation of a non-duplicableand essentially random pattern.

More specifically, one aspect of the present invention provides a methodand apparatus for the production and labeling of objects in a mannersuitable for the prevention and detection of counterfeiting, thatincludes a recording apparatus containing a recording medium havingmacroscopically detectable anisotrophic optical properties.

In a dichroic fiber embodiment, a plurality of dyes may be employedwithin the fibers, either using multiple dyes in a single fiber, or aplurality of fiber types, each having different dye properties. Eachdye, having a distinct absorption and fluorescence spectrum, isseparately detectable. Further, the respective dye concentrations may bevaried during the manufacturing process, or later selectively bleachedby, for example, a laser at an absorption maximum wavelength of aparticular dye species. The dichroism may also be varied, for example bycontrolling a stretch process during fiber production, or by heating thefiber above a recrystallization point with, for example, a laser. Thus,for example, using commonly available three-color image detectors (inconjunction with an appropriate optical system), three separate dyes maybe detected, providing additional degrees of freedom for anauthentication scheme. It is noted that, while dichroic fibers arepreferred, it is not necessary for each dye to be associated with adichroic property or a distinct dichroic property. Thus, the dichroism,fluorescence, and absorption and/or transmission characteristics maypotentially be distinct characteristics of the fiber.

In another embodiment of the invention, microspheres or other shapedobjects are provided having dichroic properties. In this case, the datamap includes the position and polarization axis orientation of theobjects, which it should be understood is a three dimensional vector inthe case of a linear fluorescent emission axis from a dye and a twodimensional vector in the case of a radially symmetric fluorescentemission from a dye. Advantageously, these objects may either beembedded in the stock or applied later, using a printing process, forexample lithography, ink jet printing, specialized laser printing (withcare taken to avoid undesired changes to the dichroism in the fuser),and the like.

According to one embodiment of the invention, dichroic fibers are formedof nylon having a fluorescent dye mixed into the polymer matrix. Duringthe forming process, the fiber is stretched, which tends to align themolecules along the stretch axis. This anisotropic characteristic leadto dichroism, which differentially affects light of varying polarizationaxis. Therefore, due to this differential effect, the fiber will have alight polarization rotation, especially at wavelengths corresponding tothe absorption and/or emission of the fluorescent dye. It is noted thatthe nylon itself may also be dichroic, but typically the effect is noteasily observed at visible or other easily measured wavelengths; on theother hand, the dye is specifically selected to have useful opticinteractions and to obtain a high degree of anisotropism under theprocess conditions.

The preferred nylon dichroic fibers allow for a number of identifyingvariations, for example the amount or type of dye in the fiber, optical,heat, physical or chemical (e.g., chemical or photo-bleaching, heating,stretching or fiber deformation) modifications of the fiber during orafter fabrication, or after placement in an identifying substrate. Ascan be seen, a number of degrees of freedom are possible, providing anumber of strategies for detection and making duplication difficult. Thepreferred variations are the amount of dye and physical stretch, both ofwhich can be controlled, early in the manufacturing process of thefibers. Preferably, these two variations are provided over relativelyshort distances, for example millimeter ranges or smaller, providing arelatively high information-carrying capability, and this allowingrelatively short lengths of fiber to provide sufficient information toidentify the substrate.

Alternately, a modulated laser may be used to modify the fiber, to alterthe dye and/or molecular chain organization. Such laser coding can beapplied on a physical scale of microns, and can be controlled to tighttolerances. Fibers may also be used which are selectively sensitive toenvironmental conditions, such as temperature, humidity, gasses, and thelike, so that a change in characteristics, e.g., opticalcharacteristics, is measured based on a change in such conditions. Thus,for example, a document is provided with fibers that change in colorwith respect to temperature, humidity, or pH. The document is thenanalyzed in two or more different states, and the differential responserecorded. It is noted that, in order to change pH, an acid gas solublein the fiber, such as hydrochloric acid, acetic acid, moist carbondioxide or ammonia, is provided in the environment. Other types of dyeindicators are also known.

According to another feature of the invention, an authentication featureof a certificate degrades over time or environmental exposure, makinglong-term persistence of authentic documents in the market moredifficult. Such a component is, for example, a dye or additive thatdegrades with ambient light or oxygen exposure under normal conditions,or even is the result of a progressive internal chemical reaction, forexample due to a catalyst dissolved in the fiber matrix. Of course, thisdegradation limits the ability to inventory and ship normal stock thatare intended to be deemed authentic after a long period of time, andcompels expedited authentication. However, for applications where ashort time window is appropriate, such “self-destructing”anti-counterfeit technologies may be appropriate.

The present invention also provides a recording apparatus capable ofimprinting a desired dichroic pattern on a substrate. This pattern,therefore, could be authenticated by means similar to that provided forfibers. In distinction to fibers, imprinted patterns would be pixelated,on the surface of the medium only, and have very limited dichroicproperties. A visual examination would also reveal that the pattern wasnot due to fibers. Thus, a careful examination could distinguish themethods. However, this allows the use of a common reader device toauthenticate distinctly different certificates.

The recording apparatus provides at least two transfer films, having theappropriate dichroic properties, which are selectively deposited on asubstrate in a microscopic pixel pattern, to yield the desired pattern.

It is noted that, according to the present invention, the opticalproperties of the fibers or dyes need not be in a visible optical range,and therefore infrared reactive dyes may be employed. Two advantagesresult from the use of infrared dues and detection equipment. First, thepattern may be spatially coincident with a visible graphic, therebyincreasing spatial utilization efficiency. Second, infrared laser diodesand light emitting diodes are less expensive that their visiblecounterparts, and are available in various wavelengths; and simplesilicon photodiode detectors are appropriate.

According to an embodiment of an authentication device, a tag isprovided having visible from a surface thereof a low densitynon-deterministic dichroic fiber pattern, and a machine-readable codedefining the fiber pattern. The authenticity of the tag is thereforedependent on a correspondence of the machine readable code on the tagand the actual fiber pattern on the tag.

The preferred dichroic fibers have a relatively narrow opticalabsorption bandwidth to excite fluorescence, and therefore requireeither a carefully selected narrow-band source, such as a laser diode orlight emitting diode, or a broadband light source, such as anincandescent lamp. In the case of a broadband source, in order tomaintain a high signal to noise ratio, a filter is preferably providedto limit emissions near the fluorescent wavelength.

For example, a narrow band diffraction filter, e.g., 565 nm, passinglight at the absorption maximum may be provided to filter the light froma xenon incandescent bulb.

The optical sensor system also includes a filter to pass the fluorescentlight emitted from the fibers, but block other stray light. For example,a red, e.g., 620 nm pass, Ratten filter may be used. Ascertaining thepresence of a particular dye is facilitated by hyperspectral analysis.

In order to detect the dichroism, a rotating polarizer may be employed,while capturing images during various phases of rotation. Typically, thefibers have a dichroism closely related to the physical axis of thefiber. By detecting dichroism, therefore, the existence of a fiber ascompared to a normally imprinted indicial may be determined. Thedetection of dichroic features also advantageously allows digitalbackground subtraction.

Typically, the fibers have a uniform cross section, and thus thesignificant data included in a fiber pattern is the endpoints and pathof the fiber. This information may therefore be efficiently coded, andindeed, much of the information may be truncated without substantialloss of system security.

The tag preferably has a bar code imprinted thereon withself-authenticating information and a serial number. A bard code readerin the authentication device therefore reads the code. Theself-authenticating information is then compared with the detected fiberpattern to determine a correspondence thereof. This correspondence maybe based on a normalization transform, to account, for example, forimage skew or other artifacts. Further, since the tag is subject tochange due to environmental factors, an acceptable error rate or fuzzymatch correlation may be defined, to avoid false negatives, whilemaintaining an appropriately high level of security.

The present invention may also be applied to the authentication ofoptical recording media. According to a first embodiment, an opticaldisk is provided with a measurable random error rate due to physicalimperfections in the optical recording medium. While presently,manufacturing techniques are such that the error rate is low, the baseerror rate may be artificially increased by inserting impurities in theresin used to form the media, for example a polycarbonate resin. Onetype of impurity is air-filled glass microbeads (3M) which would havethe effect of dispersing light between the read laser and theinformation pattern, this resulting in random bit errors.

In data recording media, error detection and correction techniques wouldlikely be able to counteract the effects of such defects. On the otherhand, in musical compact disks (CDs), which do not employ errordetection, such random errors would likely have little effect on thereproduced sonic quality, due to the presence of digital and analogfilters in the signal path.

According to the present invention, the position of the defects may beencoded, and therefore verified. It is possible to record a on-off codeon a CD, for example by selectively metallizing or demetallizing acircumferential band of the disk in a binary data pattern, which couldbe read by the read head as a bar code. Demetallization could beeffected, for example, by a carbon dioxide laser ablation pattern. Thedefect data pattern and code are intercepted, for example, at the outputof the optical detector or as a component of a digital filter processingthe output of the optical sensor. Firmware within the CD playerdetermines a correspondence of the code with the actual defect patternon the disk, and may block playback of disks that lack correspondence.The player may also use error correction based on the encoded defectlocations to counteract the effect of the defects on the signal.

These disks are backwards compatible with existing players, since theerrors are generally effectively filtered.

While it is preferred to employ the existing optical pickup of theoptical disk drive to read the disk defect characteristics, it is alsopossible to employ a distinct system. For example, the encoding may beplaced partially or entirely on the non-data reading surface of thedisk. This encoding may be read within a disk player or separately. Forexample, a simple LED and photodiode may be provided to read anon-deterministic pattern and code formed on the back of the disk, alonga single circumferential path. The non-deterministic pattern may be, forexample, a surface roughness or irregularity, a pattern of ink drops orfibers dispersed in a graphic ink, or the like. The code may be simplyprinted using existing contact or non-contact techniques.

It is a feature of the present invention wherein an excitation sourcemay be employed, the excitation source being a bright light source, suchas a xenon incandescent bulb, with a narrow band diffraction filterapproximating the absorption maxima filtering said light.

It is an object of the present invention to provide, wherein optionallythe absorption and emission wavelengths are narrow, a broad-bandreceiver having a cutoff filter to block exciting light.

It is a feature of the present invention wherein a polarizer is providedbetween said broad band receiver and a sample, which rotates betweensuccessive exposures, wherein over a half-rotation of said filter, twoor more exposures are taken, such that by employing digital backgroundsubtraction, the dichroic fibers, which show maximum variance withrespect to rotational angle of the filter as compared to backgroundsignals, are extracted.

According to the present invention, the label or certificate may beprovided with codes having a multiplicity of levels. Thus, even if afirst level code is broken, one or more backup codes may then beemployed. The advantage of this system over a single level complex codeis that the complexity of the detection devices used in the firstinstance may be reduced, and the nature and even existence of the higherlevel codes need not be revealed until necessary.

In order to prevent mass duplication of labels or certificates, it ispreferable to encrypt and print a code representing varyingcharacteristic of the label or certificate. In verifying the code, theassociated characteristics must correspond. Such a system adds markedlyto the complexity of any counterfeiting scheme, while still allowinglabeling or goods and production of certificates to proceed. In asimpler system, the mere repetition of supposedly random or pseudorandomcodes is detected, indicating simple copying.

In order to prevent the replacement of an authentic label on a differentitem, a unique, random or quasi-unique characteristic of the item isencoded on the label. In this way, relocation of the label to othergoods may be detected.

In order to provide robustness against encryption cracking, a pluralityof encoding schemes may be employed, for example to avoid completesystem failure if one of the encoding schemes is “broken”. For example,three different codes may be provided on the certificate, employingthree different algorithms, and potentially based on three differentsets of criteria.

Preferably, the encoding and authentication employ a system whichprevents tampering, reverse engineering or massive interrogation, whichmight lead to a determination of the underlying algorithm and/or thegeneration of valid codes for counterfeit goods. Thus, for example, asecure central server may provide authentication services, over securecommunications channels.

Self-authentication may be based on a public key algorithm, however,unless this algorithm is highly secure, this is not preferred for highsecurity applications, but may be acceptable in moderate securityapplications. The risk is that if the private (secret) encryption key isdiscovered or released, the usefulness of the encoding is lost, andfurther, until the pool of authentic goods bearing the broken encodingis depleted, counterfeiters may continue undetected. Self-authenticationschemes are subject to sequential cracking attempts until the code isbroken; once an authentication code (private key) is discovered, it maybe used repeatedly.

It is noted that the imprinted code on the certificate need not bevisible and/or comprehensible, but rather may itself be a securityfeature. Thus, special inks, printing technologies, or informationstorage schemes may be employed. Preferably, proprietary dyes havingunique detectable optical signatures are employed.

Another embodiment of the invention provides an authenticatable sealingtape. The tape is imprinted with a machine readable code, which, forexample, uniquely identifies the tape portion at repetitive intervals,e.g., every 2 inches. The tape also includes a set of fiducials asphysical landmarks and a dichroic fiber pattern, for example due to alow density of fibers adhered to the adhesive side of the tape in anon-deterministic pattern. The tape is tamper evident, such that if thetape is cut or removed, evidence remains of this tampering.

Prior to spooling, the codes and associated fiber patterns are recordedin a database.

When applied, the contents of the sealed container are identified, andthe tape identification scanned, with the contents thereafter associatedwith the identification of the tape. During authentication, the tape isagain scanner for identification and fiber pattern, which is thenauthenticated on-line to ensure authenticity.

While the tape may also be self-authenticating, this poses the issue offalse positive authentications if a spool of tape is stolen, since theimprint on the tape does not relate to the contents of the sealedcontainer.

One embodiment of the present invention thus solves the above notedproblems and overcomes suboptimizations inherent in the prior art byproviding an authentication mechanism utilizing fluorescent dichroicfibers. The fibers are randomly and non-deterministically embedded intoor form a part of a substrate. This means that by studying any onesubstrate, the pattern in any other substrate, and therefore a coderepresenting that pattern, is not made apparent. This pattern may bestored in a database with an identification of the substrate, indexingthe stored characteristics of the substrate, and/or encoded on thesubstrate with an imprinted encrypted code.

The preferred system incorporates a sheet of material, theauthentication certificate or label, impregnated with dichroic fiberscontaining a fluorescent dye, that combines to form a high securitysystem to thwart counterfeiting in a wide range of applications.Dichroic polymer fibers may also form part of the object to beauthenticated. These fibers are relatively difficult to produce, andtheir embedding into paper or woven goods requires special equipment.Further, these fibers are observable with the naked eye, discouraginglow sophistication attempted counterfeiting of certificates without thisfeature. This system allows for instant field verification of labelswhile maintaining a high level of security against counterfeiting bymaking the reverse engineering process extremely difficult andexpensive. No two labels are ever alike, yet they can be produced veryeconomically. In order to determine if the imprinted code corresponds tothe certificate itself, the fiber pattern, which is completely random,is illuminated by a light and read by a scanner. The resulting patternis then compared to the encoded pattern to determine authenticity.

According to a preferred embodiment, the pattern on the certificate isrepresented as an image projected on a surface, with the surface notnecessary being constrained as a planar sheet. Therefore, relativedeformations of the certificate pattern may be resolved throughmathematical analysis using known techniques. The relative deformations,as well as any other deviations from the encoded patterns, which forexample may represent lost or obscured fibers, noise, environmentalcontamination with interfering substances, errors or interference in theoriginal encoding process, etc., are then used to determine a likelihoodthat the certificate itself corresponds to the originally encodedcertificate. Thus, the determined authenticity is associated with areliability thereof, based on stochastic variations in the properties ofthe authentication certificate and stochastic variations in thegeneration of the associated secure code. A threshold may then beapplied to define an acceptable error rate (false positive and falsenegative) in the authentication process.

To produce an informational level of security which allowsauthentication without accessing a central information repository(database), the location or particular characteristics of the dichroicfibers, which are random or unique, are determined, and used to generatean encrypted code, wherein the encryption algorithm key (or private key)is maintained in secrecy. Therefore, the code must match the dichroicfiber location or characteristics for authentication of the certificate.Since the dichroic properties provide a characteristic which existingduplication systems cannot control, the certificate with encoding isvery difficult to undetectably duplicate.

According to another embodiment of the invention, fibers may be providedwith spatial variation in patterns, such as dichroism, color, coatingthickness, or the like, providing additional, and difficult toreproduce, degrees of freedom into the security scheme. These variationsmay be random or relatively unique, and, for example, may include enoughinformation content to uniquely identify the object. For example, thepolarization angle along the length of a dichroic fiber may becontrolled by altering a “stretch” of the fiber during fabrication, orpost modification, for example by laser diode heating to form apolarization angle pattern on the fiber which varies over distance. Thepattern may be truly random, or pseudorandom, with an arbitrarily largerepetition interval or have a regular pattern. In any case, as the fiber(either on the object or the certificate itself) is being encoded on anauthentication certificate, the fiber is analyzed for the particularproperty, and this property and possible the relationship to otherproperties, used, in part, to encode the certificate. It is noted thatthe replication of such patterns on fibers is particularly difficult,making this a useful additional security feature beyond the merepresence of dichroic fibers.

As stated above, the fiber may be imparted with a varying dichroiccharacteristic by selectively dying or bleaching a fiber or by inducingdichroism by selectively stretching portions of the fiber. In oneembodiment, a beam of light, e.g., a laser, may be used to excite andselectively bleach dye within the fiber, providing a system for“writing” information to the fiber. In another embodiment, the fiber orsubstrate is coated with a magneto-optic recording layer which isselectively heated above the Curie temperature and selectively subjectedto a magnetic field to induce a measurable light polarization effect.

The fiber may be modified during or in conjunction with themanufacturing process, or at a point of use. When a laser is used tomodify the fiber, it heat the fiber, thereby altering the alignment ofmolecules, and/or it may bleach the dye in the fiber, thus reducing theconcentration of the fluorescent species. The laser may be driven in aregular pattern, a random pattern, a pseudorandom pattern, or in achaotic state of operation. In the latter case, the inherent instabilityof the laser is employed. It is noted that, according to the method ofVanWiggeren and Roy, “Communication with Chaotic Lasers”, Science,279:1198-1200 (Feb. 20, 1998), an information signal may be modulatedonto the laser output and masked by the chaotic variations, providing anencrypted data signal. By replicating the state of a receiving systemlaser having similar characteristics, including parameters of operationand starting state, it is possible to decode the data from the outputsignal. See Also, Gauthier, D. J., “Chaos Has Come Again”, Science,279:1156-1157 (Feb. 20, 1998). Thus, for example, a serial number orother coding may be imparted to the fiber which would be difficult todetect or duplicate without knowledge of the encoding system parameters,providing an additional level of security.

The label formed with the fibers may be identified based on anidentifying location of the fibers, and/or identifying characteristicsof the fibers. The fibers may be randomly dispersed in a carriermaterial, at such density to allow reliable identification, but withoutobscuring identifying features. For example, the fibers may be mixedinto pulp to form paper, such as in the process used for U.S. currency.The locations of the fibers are then determined, allowing a correlationbetween the fiber locations and the identity of the substrate.

The present invention thus encompasses a system that reads a uniquecharacteristic of a label or certificate and imprints thereon anencrypted message defining the unique characteristic, making the labelor certificate self-authenticating. Optionally, a unique or identifyingcharacteristic of an object associated with a label or certificate maybe further ascertained and printed as an encrypted message on the label,uniquely associating the label or certificate with the object.Preferably, the characteristic of the object is a random tolerance orhighly variable aspect, which is difficult to recreate, yet which iscomparatively stable over time so that measurements are relativelyrepeatable. Where the characteristic changes over time, preferably thesechanges are predictable or provide identification, such as of the dateof manufacture. As stated above, the authentication algorithm maycompensate or take into consideration “normal” changes or deviations,thus minimizing rechecks or manual examination of the certificates orlabels.

The labeling system therefore includes a reader, for reading the uniquecharacteristics of the label or certificate, such as a polarizationsensitive imaging device for reading a distribution of dichroic fibersembedded in paper, and optionally a device which measures an identifyingcharacteristic of the object to be labeled, such as a dimension,tolerance, color, sewing or thread pattern, etc. This information isthen encrypted using an algorithm, to produce an encrypted message,which is then printed in the label, for example using a dye sublimationor ink jet printer. The encryption is preferably a multilevel system,for example including a 40-bit algorithm, a 56-bit algorithm, a 128 bitelliptic algorithm, and a 1024 bit algorithm. Each message level ispreferably printed separately on the label, for example, the 40 bitencrypted message as an alphanumeric string, the 56 bit encryptedmessage as a binary or bar code, the 128 bit elliptic encrypted messageas a two-dimensional matrix code and the 1024 bit algorithm as apseudorandom placement of dots of one or more colors on the face of thelabel. Alternately, the higher level messages may be encrypted by thelower level algorithms, providing a multiple encryption system.Preferably, each encrypted message corresponds to successively moredetailed information about the label and/or the object, optionally withredundant encoding or potentially without any overlap of encodedinformation. This system allows readers to be placed in the field to besuccessively replaced or upgraded over time with readers that decode themore complex codes. By limiting use of the more complex codes, andrelease of corresponding code readers, until needed, the risk ofpremature breaking these codes is reduced. In addition, the use of codesof varying complexity allows international use even where export or userestrictions are in place of the reader devices.

The invention also provides a reader adapted to read the characteristicof the label corresponding to the encoded characteristic, optionallysense or input the characteristic of the associated object, and eithermanually or automatically verifies the printed code on the label. If thecode verifies, the label and/or object are authentic.

Preferably, both the marking system and the reader have a secure memoryfor the algorithm(s), which is lost in event of physical tampering withthe devices. Further, the devices preferably have a failsafe mode thaterases the algorithm(s) in case of significant unrecoverable errors.Finally, the systems preferably include safeguards against trivialmarking or continuous interrogation, while allowing high throughput ormarking and checking of objects and labels.

Since the algorithm memory within the reader may be fragile, a centraldatabase or server may be provided to reprogram the unit in case of dataloss, after the cause of loss is investigated. Any such transmission ispreferably over secure channels, for example 128-bit encryption orso-called secure socket layer (SSL) through a TCP/IP communicationprotocol. Each reader and marking system preferably has a uniqueidentification number and set of encryption keys for any communicationwith the central system, and a marking placed on the label indicative ofthe marking conditions, for example marking system ID, date, location,marking serial number, and the like.

Labels can be affixed to any number of consumer and high securityapplication including, for example, CDs/software, designer clothes,wine, cosmetics, seals, video tapes, floppy disks, perfume, electronics,currency, cassettes, books, records, documents, and financialinstruments.

The detailed preferred embodiments of the invention will now bedescribed with respect to the drawings. Like features of the drawingsare indicated with the same reference numerals.

In FIG. 1, a substrate 1 with dichroic fibers 2 located on it is subjectto a filter 3 of an incandescent lamp 4. A polarizer 5 is beneath afilter 6 underneath a camera 7 and this camera 7 via a Universal SerialBus (USB) 9 is connected to a computer 11 which is in turn connected toa bar code scanner 13 via a RS-232 standard serial port 12. The bar codescanner 13 scans the bar code 14 on the substrate 1 and completes theauthentication procedure with the aid of the computer 11.

FIG. 2 shows a thermal transfer ribbon 15 comprising a substrate 19, andpositioned on the substrate 19 is a thermosoftenable coating 18 whichcomprises a layer 16 and a layer 17. layer 17 comprises a sensiblematerial, e.g. binder compounds. Layer 16 is crystalline, and has amelting temperature above the printing temperature. Layer 17 containspolymers of selectively curable monomers and/or oligomers, to provideadhesion to the substrate. The melt viscosity and thermal sensitivity oflayer 17 is determined by the melting points of the monomers, oligomers,polymers, thermoplastic binder resins and waxes therein and the amountsthereof in each.

FIG. 3 shows a thermal transfer medium of FIG. 2 in the process offorming an image by thermal transfer. With lower melt viscosity valuescomes lower cohesion within the coating 18. Low cohesion allows foreasier separation from the substrate 19. Exposure to heat from thethermal transfer head 20 causes transfer of both the layers 16 and 17 toa receiving substrate 22 without splitting layer 16 or separating layer17 and layer 16 upon transfer, so as to form a crystalline layer 16 ontop of an adherent layer 17. The layer 16, due to its crystallinity, hasdichroic properties, which are retained intact through the process.

FIG. 4 shows a thermal transfer printer 23 with a platen 24 having theshape of a flat plate, arranged at a desired position, the recordingsurface of the platen 24 being oriented generally vertically. In a lowerfront side of the platen 24, a guide shaft 25 is arranged in parallel tothe platen 24. The guide shaft 25 is mounted with a carriage 26 that isdivided into an upper portion and a lower portion. The lower portion isa lower carriage 26 a mounted on the guide shaft 25. The upper portionis an upper carriage 26 b which is accessible, in vertical direction, tothe lower carriage 26 a mounted with a ribbon cassette 27(27 n). Thecarriage 26 is reciprocated along the guide shaft 25 by driving a drivebelt 28 wound around a pair of pulleys, not shown, with an appropriatedriving device such as a stepper motor, not shown. The carriage 26 isarranged with a thermal head 29 opposite and accessible to the platen 24to make recording on a sheet of paper, not shown, held on the platen 24when the thermal head 29 is pressed the platen 24. The thermal head 29is provided with a plurality of heat-generating elements, not shown,arranged in an array to be selectively energized based on desiredrecording information supplied via a host computer. Specifically, thecarriage 26 has the plate like upper carriage 26 b on top of the lowercarriage 26 a in a parallel movable manner such that the upper carriage26 b accesses the lower carriage 26 a by a pair of parallel cranks (notshown). On the left and right sides of the upper carriage 4 b,plate-like arms 30 are disposed in a standing manner with a spacebetween equal to the width of the ribbon cassette 27. Each arm 30 has anengaging portion 30 a at its top end being gradually bent inward. At thecenter portion of the upper cartridge 26 b, a pair of rotary bobbins31(31 n) are arranged in a projecting manner with a predeterminedinterval between them. The pair of bobbins 31 allow an ink ribbon 32(32n) to travel in a predetermined direction. One of the bobbins 31 is atake-up bobbin 31(a) for winding the ink ribbon 32, while the other is asupply bobbin 31 b for supplying the ink ribbon 32. An optical sensor 33for detecting the type of the ink ribbon 17 accommodated in the ribboncassette 27 is disposed on the carriage 26 at its edge away from theplaten 24. The optical sensor 33 is connected to a controller 34disposed at a desired position of the thermal transfer printer 23 forcontrolling the recording operation and other operations thereof. Thecontroller 34 is composed of a memory, a CPU, and other components, notshown. Based on a signal outputted from the optical sensor 33 while thecarriage 26 is moving, the controller 34 at least determines or detectspresence or absence of the ribbon cassette 27, the type of the inkribbon 32 accommodated in the ribbon cassette 27, the travel distance ofthe carriage 26 relative to its home position, the open or close stateof a canopy 35, and the distance between the pair of adjacent orseparated ribbon cassettes 27. The generally-plated canopy 35 isarranged over the carriage 26 spaced on a frame, not shown, such thatthe canopy can be opened and closed. In the closed state, the canopy 35serves to hold down the paper at the exit of a paper feed mechanism, notshown. The canopy 35 has a length, along the carriage 26, generallyequivalent to the travel area of the carriage 26. A plurality ofcassette holders, not shown, for holding the ribbon cassettes 27 aredisposed at predetermined positions on the canopy 35 at the side opposedto the carriage 26. By these cassette holders, the ribbon cassettes 27a, 27 b, 27 c, and 27 d housing ink ribbons 32 a, 32 b, 33 c, and 32 drespectively of four different colors and/or dichroic axes, are arrangedin a row along the travel direction of the carriage 26. The ribboncassettes 27 a, 27 b, 27 c, and 27 d are selectively passed between thecanopy 35 and the carriage 26 b, and the cassettes are the same in shapeand dimension regardless of the types of the ribbons 32. Each of theribbon cassettes is composed of a generally flat and rectangular casebody 36 made of upper and lower members in which a pair of rotatablysupported reels 37, a pair of rotatably supported ribbon feed rollers,not shown, and a plurality of rotatably supported guide rollers facing aribbon path are disposed. The ink ribbon 32 is wound between the pair ofreels 37. The middle of the ribbon path for the ink ribbon 32 is drawnoutside. The pair of reels 37, when mounted on the upper carriage 26 b,provide the take-up reel for winding the ribbon used for printing andthe supply reel for feeding the ribbon 32. A plurality of key groovesare formed on the inner periphery surface of each reel 37 in a manner ofspline spaced from each other around the periphery. The inner peripherysurface of one reel 37 provides a take-up hole 37 a in which the take-upbobbin 31 a is engaged. The inner periphery surface of the other reel 37provides a supply hole 37 b in which the supply bobbin 31 b is engaged.On the surface of the ribbon cassette 27 opposed to the platen 24 whenthe ribbon cassette is mounted on the carriage 26, a recess 38 is formedto which the thermal head 29 faces. In this recess 38 the middle of theribbon 32 is drawn. On the rear side of the ribbon cassette 27 runningin parallel to the side on which the recess 38 is formed, anidentification marker 39 is disposed for identifying the type of the inkribbon 32 housed in each ribbon cassette 27.

In FIG. 5, the start of the process 42 leads to the definition anddetermination of a dichroic fiber pattern 43 within a substrate or on alabel. Next is the generation of a pixel definition 44 followed byprinting polarization for axis 1 and band 1 45. Next print polarizationaxis 2, band 1 46, and then print polarization axis 1 and band 2, andaxis 2, band 2, respectively, 47 and 48.

FIG. 6 shows an authentication certificate 50 with a bar code 56, ahologram 51 containing the logo of the respective entity employing sucha certificate, a numeric representation 52 of the bar code 56, and apatch 54 containing randomly spaced dichroic fibers 53 along an axisy₀-y₁, and along axis x₀-x₁. Also included on the certificate is a glyphpattern 55, which is generally considered to be more aesthetic than thebar codes, and is designed chiefly for facsimile transmittal. Optionallythe title of the document 57 can be included for an added measure ofsecurity.

FIG. 7A is a tape 58 used to seal items vulnerable to tampering andcounterfeiting such as cartons containing Compact Disc jewel boxes andother valuable merchandise. The tape is itself a bi-layer so that if thetape is attempted to be removed, usually in an inappropriate situation,the bottom face, selectively adhered at distinct points 60 to the item,will expose a visual cue 61 that the item has been tampered with. Alsoincluded is a bar code 59 for an added degree of security, whichcorresponds to the random pattern of dichroic fibers 60A dispersedthroughout.

FIG. 7B shows an authenticatable tape 65 subject to more rigoroussecurity. A grid 200, 201, is printed on the tape to provide fiducialguidance to for detecting a fiber pattern 60A. The tape 65 also hasimprinted a serialized bar code 62 and a 2-D bar code 63. The bar code62 allows on-line authentication, identifying the tape 65 portion, whilethe 2-D bar code 63 allows self authentication based on the existence ofdifficult to forge dichroic fibers 60A, in a non-deterministic pattern,formed, for example by allowing fiber dust to settle on the surface ofthe exposed adhesive of the tape. As in FIG. 7A, the tape 65 is tamperevident, with, for example, a visible message 64 when the tape islifted.

FIG. 8A describes the process used to authenticate marked Compact Discswherein a laser 68 is used to illuminate a Compact Disc 66 with analuminized coating 69 and an exposed non-aluminized area of the disk hasa bar code 70, so that an embedded defect 67 is illuminated, blockingnormal reading of the data pattern on the disk, which is read by thedetector 71, and then digitally filtered 72 and intercepted by anauthentication processor 76. The data is also sent to a digital toanalog converter (D/A) 73 and then to an analog filter 74 for output 75.

FIG. 8B describes another embodiment of FIG. 8A whereby dye particles 81are dispersed on top of the Compact Disc 66. Also shown are the originalembedded defects 67, which may be, for example, microbubbles, the barcode 70, and the aluminum coating 69.

FIG. 9 shows a top view of the disk 66 showcased in FIGS. 8A and 8B withthe graphic image 88 visible. Shown are the randomly spaced dichroicfibers 83 interspersed either within the Compact Disc 66 or on thesurface, optionally in the advertising material. Also seen are theembedded pods 67 and the bar code 70 in a top view.

FIG. 10 shows a compact disk drive 202 with a disk 89, whose datapattern is read by a laser 90 and optical sensor 92. The top surface 206of the disk 89 is read by a light emitting diode 205 and a pair ofoptical sensors 203, 204. One of the optical sensors detects 203reflected light, while the other 204 detects fluorescent light (at adifferent wavelength than the illumination).

FIG. 11 describes the process for certificate authentication starting 93by first visually inspecting the certificate 94 to check forauthenticity. Then the certificate is scanned 45 and put through anon-line authentication process 46 where self-authentication data isextracted 97. If on-line authentication is selected 98, then there iscommunication with the centralized database 100 which retrievesauthentication data 101. If the authentication is off-line, theself-authentication data is extracted and processed locally. Theauthentication data is analyzed further 102 and then compared with theimage scan 103. The system checks to verify if the scanned imagecorresponds with the authentication data. If not 106, an exceptionprocess is performed 105. If yes 107, then the article is authenticated108.

FIG. 12A starts 110 with placing the certificate in the scanner 111. Thecertificate is subjected to polarized light of the first axis 112 andthen the image is read 113. Again it is subject to polarized light ofthe second axis 114 and the image is read 115. The dichroism is verified116 and the fiber pattern is thusly determined 117. The process thenstops 118.

FIG. 12B starts 119 with receipt of the fiber pattern 120, and thenreceipt of description of the prior fiber pattern 121. Thecontemporaneously read and previously determined fiber patterns are thencompared 122, with transformation 123 to normalize the data. Likewise,the normalized data is permitted an error tolerance 124. Based on theerror tolerance (which may be variable) the normalized data isauthenticated 125. The process stops 126.

FIG. 13A starts 127 with the verification of the absence of tampering bylooking (visual inspection) at the tape 128. The tape is scanned 129, toread a bar code and a non-deterministic pattern 129, and there iscommunication with the database 130. Then the authentication theresystem receives the authentication data 131, and a comparison betweenauthentication data with the scan pattern 132 is performed. Based on theresults of the comparison, the tape may be authenticated 133, and theprocess ends 134.

FIG. 13B starts 135 with the verification of the absence of tampering136 by looking at the tape, and both the fiber pattern on the tape 137and then the encrypted code 138 are scanned. An authentication 139 isbased on the fiber pattern scan and encrypted code. Based on the resultsof the authentication, an authenticate output 140 is selectivelyproduced, and the process ends 141.

FIG. 14A shows a flow chart of a process for authenticating a compactdisk or digital video disk. At the start 142 of the process, the compactdisk is loaded into a disk drive 143. A custom imprinted code, locatedon a peripheral (inner or outer) band of the compact disk, is read 144.This may be read using the normal data read mechanism, which include alaser diode and photodetector, or from an upper surface using aspecially provided sensor (in which case a peripheral location of thecode would not be necessary).

The drive then, based on the code, seeks “defects” in the disk, atlocations defined by the code. 145. The code, therefore, may includetrack and sector information for a set of defects, which may be limitedin number to 5-16 defects. Preferably, the absolute number of defects onany disk is not intentionally made higher than that necessary forauthentication.

Using the disk read circuitry, the location of the expected defects iscorrelated with the existence of actual defects, to authenticate thedisk 146. If defects are not found at the expected locations, or thereare an insufficient number of identified defects, the diskauthentication 146 fails.

Since the locations of the defects are encoded, it is possible tocorrect the output for the existence of the defects by filtering 147.The authentication process is then complete 148, and an authenticateddisk may be played normally.

FIG. 14B provides an authentication method which does not employ thenormal data laser to read a non-deterministic pattern, and thus does notrely on defects.

At the start 149, the disk is loaded into the drive 150. On the top(non-data reading) surface of the disk, a custom code is imprinted. Thiscode is read 151, for example by a one or more light emittingdiode-photodiode pair. This code is, for example a bar code disposedcircumferentially about a portion of the disk. A non-deterministicpattern is read 152 from the disk, which may be formed as a pattern ofink reflection, a pattern of fibers or ink spots, or the like, in linewith the optical read path of the sensor. This optical sensor is notpresently provided in known disk drives.

The correspondence of the non-deterministic pattern and the read code isthen verified 153.

The dye spectral characteristics or dichroism of the non-deterministicelements are also verified 154 by optical techniques.

Optionally, an on-line authentication procedure 155 may be employed, forexample to verify a detailed pattern of fibers on the disk.

If the non-deterministic pattern and physical attributes (dye and/ordichroism) correspond to an authentic disk signature, then the disk isauthenticated 156, and the disk may be used normally at the end of theprocess 157. Otherwise, firmware within the drive may be employed toprevent normal usage.

There have thus been shown and described novel receptacles and novelaspects of anti-counterfeit systems, which fulfill all the objects andadvantages sought therefore. Many changes, modifications, variations,combinations, sub-combinations and other uses and applications of thesubject invention will, however, become apparent to those skilled in theart after considering this specification and the accompanying drawingswhich disclose the preferred embodiments thereof. All such changes,modifications, variations and other uses and applications which do notdepart from the spirit and scope of the invention are deemed to becovered by the invention, which is to be limited only by the claimswhich follow.

What is claimed is:
 1. A method for permitting authentication of thecontents of a container having an interior space configured to besealed, comprising: providing a seal, configured to adhere to thecontainer and to seal the contents within the container, the seal beingtamper evident to reveal an attempt to remove the contents from thecontainer; capturing at least one image with an imager of microbubblesor particles fixed within the seal, and determining a position of themicrobubbles or particles fixed within the seal to a precision touniquely characterize the seal, the positions being subject tostochastic manufacturing variations; encoding a description of thedetermined positions of the microbubbles or particles fixed within theseal, in a cryptographically protected message, such that anauthenticity of the seal is determinable based on a correspondence ofthe microbubbles or particles fixed within the seal with thecryptographically protected message; imprinting the seal with a code;and physically sealing the container with the seal, such that physicalaccess to the contents of the interior space of the container afterphysically sealing the container results in ascertainable alteration ofthe seal to reveal evidence of tampering, wherein an analysis of theimprinted code, the description of the determined positions, a currentstate of the microbubbles or particles, and an inspection of anintegrity of the seal with respect to evidence of tampering, permitsreliable authentication of the contents of the interior space of thecontainer at a time after the capturing and physically sealing.
 2. Themethod according to claim 1, wherein the microbubbles or particlescomprise fibers in a non-woven sheet.
 3. The method according to claim1, wherein the microbubbles or particles comprise phosphorescentparticles.
 4. The method according to claim 1, wherein the microbubblesor particles comprise microbubbles within a resin.
 5. The methodaccording to claim 1, further comprising performing an analysis ofoptical depth within the seal of the microbubbles or particles.
 6. Themethod according to claim 1, further comprising illuminating themicrobubbles or particles with a light emitting diode.
 7. The methodaccording to claim 1, wherein the code comprises an identifying codeassociated with the container, wherein the description is indexed in adatabase according to the identifying code.
 8. The method according toclaim 7, further comprising: authenticating the container byascertaining an integrity of the tamper evident seal; measuring thepositions of a plurality of microbubbles or particles with an imager;determining an identity of the container based on the code; accessingthe description of the positions from the database based on the identityof the container; and comparing the description of the positions withthe measured positions.
 9. The method according to claim 8, wherein thedetermining comprises obtaining a plurality of images of the pluralityof microbubbles or particles with the imager under different conditions.10. The method according to claim 1, wherein: the description of thepositions is encoded based on at least one asymmetric cryptographictransform; further comprising authenticating the container bydetermining the positions of a plurality of microbubbles or particles;and comparing the description of the positions with the determinedpositions after performing at least one asymmetric cryptographicoperation which prevents release of at least the description of thepositions.
 11. The method according to claim 10, wherein the encodingcomprises a cryptographic hash of the description of the positions and aunique container identification, created by an automated processor. 12.A method for permitting authenticating the contents of a container,comprising: measuring positions, using an automated imager, of randomlypositioned microbubbles or particles of a tamper evident seal, subjectto stochastic manufacturing variations, to uniquely characterize therandom positions of the microbubbles or particles; cryptographicallyencoding, with at least one automated processor, a description of thepositions based on the measured positions in conjunction with anidentification of the container, wherein the encoded description is atleast one of an asymmetric cryptographic function of the measuredpositions, and encrypted information automatically communicated througha communication channel; and physically sealing the contents of thecontainer with the seal having an imprint conveying or referencing thecryptographically encoded description, such that an attempt to removethe contents of the container results in ascertainable alteration of theseal as evidence of tampering, wherein the description of the positionsis adapted to permit reliable authentication of the contents of thecontainer at a time after the measuring and the physically sealing bydetermining a similarity with a subsequent measurement of the positionsof the randomly positioned microbubbles or particles, and an absence ofevidence of tapering with the tamper evident seal.
 13. The methodaccording to claim 12, wherein the microbubbles or particles comprisefibers in a non-woven sheet.
 14. The method according to claim 12,wherein the microbubbles or particles comprise phosphorescent particles.15. The method according to claim 12, wherein the microbubbles orparticles comprise microbubbles in a resin.
 16. The method according toclaim 15, further comprising performing an analysis of optical depth ofthe microbubbles or particles within the resin.
 17. The method accordingto claim 12, further comprising: authenticating the contents of thecontainer by determining at a subsequent time, the positions of aplurality of microbubbles or particles; and comparing the description ofthe positions at the subsequent time with the determined positions,after performing at least one asymmetric cryptographic operation on anautomated processor which prevents release of at least the descriptionof the positions.
 18. An apparatus for forming an authenticatableobject, comprising: a camera configured to measure positions ofmicrobubbles fixed within a resin substrate of a tamper evident seal ata precision to uniquely characterize the object, the positions beingsubject to stochastic manufacturing variations; a processor configuredto at least: (i) analyze an image of the microbubbles or particlesproduced by the camera and; (ii) cryptographically encode a descriptionof the positions dependent on the analyzed image; and a recording mediaphysically associated with the tamper evident seal configured to storean identification of the authenticatable object and thecryptographically encoded description, defining the position of themicrobubbles fixed within the tamper evident seal.
 19. The apparatusaccording to claim 18, wherein the tamper evident seal comprises anadhesive.
 20. The apparatus according to claim 19, wherein theauthenticatable object comprises a container having a contents, and thetamper evident deal is configured to retain the contents in thecontainer and evidence an attempt to remove the contents from thecontainer.